
CVE-2016-4977

UNKNOWN
Published 2017-05-25T17:00:00

No CVSS data available

Description

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

Available Exploits

Spring Security OAuth2 Remote Command Execution

Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.

ID: CVE-2016-4977
Author: princechaddha
Severity: High


GitHub Security Advisories

GitHub Reviewed, severity: HIGH

Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views

GHSA-7q9c-h23x-65fq


Affected Packages

Maven org.springframework.security.oauth:spring-security-oauth2, affected versions: ≥2.0.0 <2.0.10
Maven org.springframework.security.oauth:spring-security-oauth2, affected versions: ≥1.0.0 <1.0.5

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: October 18, 2018, Modified: May 14, 2024

Last Modified: 2024-08-06T00:46:39.945Z