Lucene search

Ubuntu.comUB:CVE-2011-2731

HistoryDec 05, 2012 - 12:00 a.m.

CVE-2011-2731

2012-12-0500:00:00

ubuntu.com

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.003

Percentile

68.4%

JSON

Race condition in the RunAsManager mechanism in VMware SpringSource Spring
Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication
object in the shared security context, which allows attackers to gain
privileges via a crafted thread.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670901>

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

support.springsource.com/security/cve-2011-2731

launchpad.net/bugs/cve/CVE-2011-2731

nvd.nist.gov/vuln/detail/CVE-2011-2731

security-tracker.debian.org/tracker/CVE-2011-2731

www.cve.org/CVERecord?id=CVE-2011-2731

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.003

Percentile

68.4%

JSON

Related for UB:CVE-2011-2731