Lucene search
K
VmwareSpringsource Spring Security

4 matches found

CVE
CVE
added 2010/10/29 6:0 p.m.106 views

CVE-2010-3700

CVE-2010-3700 affects Spring Security (SpringSource) 2.x up to 2.0.5 and 3.x up to 3.0.3, and Acegi Security 1.0.0–1.0.7, notably when used in IBM WebSphere Application Server 6.1/7.0. The root cause is that URL path parameters are not consistently excluded from getPathInfo(), allowing an attacke...

5CVSS6.5AI score0.01673EPSS
Web
CVE
CVE
added 2012/12/05 5:0 p.m.93 views

CVE-2011-2731

CVE-2011-2731 concerns a race condition in the RunAsManager of VMware SpringSource Spring Security. The vulnerability arises when an escalated Authentication object is stored in the shared security context, which could allow another thread to observe or gain privileges. Affected are Spring Securi...

5.1CVSS6.7AI score0.01246EPSS
CVE
CVE
added 2012/12/05 5:0 p.m.90 views

CVE-2012-5055

CVE-2012-5055 affects VMware SpringSource Spring Security: DaoAuthenticationProvider does not compare the password when the username is not found, causing a shorter response delay that could enable remote attackers to enumerate valid usernames via login requests. Affected versions include Spring ...

5CVSS9.2AI score0.01936EPSS
CVE
CVE
added 2012/12/05 5:0 p.m.78 views

CVE-2011-2732

Spring Security vulnerability (CVE-2011-2732) involves CRLF injection in logout handling via the spring-security-redirect parameter, allowing header injection and HTTP response splitting. Affected versions: 2.0.0–2.0.6 and 3.0.0–3.0.5. Root cause: shared logout code reads the redirect parameter f...

4.3CVSS7AI score0.04608EPSS