Lucene search

Ubuntu.comUB:CVE-2011-2731

HistoryDec 05, 2012 - 12:00 a.m.

CVE-2011-2731

2012-12-0500:00:00

ubuntu.com

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.0%

JSON

Race condition in the RunAsManager mechanism in VMware SpringSource Spring
Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication
object in the shared security context, which allows attackers to gain
privileges via a crafted thread.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670901>

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

support.springsource.com/security/cve-2011-2731

launchpad.net/bugs/cve/CVE-2011-2731

nvd.nist.gov/vuln/detail/CVE-2011-2731

security-tracker.debian.org/tracker/CVE-2011-2731

www.cve.org/CVERecord?id=CVE-2011-2731

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for UB:CVE-2011-2731