CVE-2016-5007 Spring Security / MVC Path Matching Inconsistency

Spring Framework 4.3.1 and Spring Security 4.1.1 provide fixes for CVE-2016-5007 "Spring Security / MVC Path Matching Inconsistency".

Applications using Spring Security and Spring MVC should upgrade to Spring Security 4.1.1+ and Spring Framework 4.3.1+ and use the MvcRequestMatcher.

Additional details and further mitigations can be found in CVE-2016-5007.
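A minimal Java configuration using the MVC-aware matcher recommended above. This is an added example, not code from the original announcement; the class name, the `/admin/**` path and the `ADMIN` role are assumptions chosen for illustration. It assumes Spring Security 4.1.1+ and Spring Framework 4.3.1+ with Spring MVC configured in the same application context.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical configuration class; path and role names are illustrative.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Before (matched by Spring Security's own path matching,
                // which can disagree with how Spring MVC maps the request):
                //   .antMatchers("/admin/**").hasRole("ADMIN")
                //
                // After: mvcMatchers builds an MvcRequestMatcher, so the
                // security rule is evaluated with the same path matching
                // rules Spring MVC uses to select the controller method.
                .mvcMatchers("/admin/**").hasRole("ADMIN")
                // Catch-all rule: any request not matched above still
                // requires authentication, so a path that slips past a
                // specific rule is not left open.
                .anyRequest().authenticated()
                .and()
            .formLogin();
    }
}
```

The closing `anyRequest().authenticated()` rule limits the impact of any remaining mismatch between a specific pattern and the handler that ends up serving the request.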
