Spring Security Advisories

All advisories

CVE-2016-4977 Remote Code Execution (RCE) in Spring Security OAuth

HIGH | JULY 05, 2016 | CVE-2016-4977

Description

When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

Affected Spring Products and Versions

  • 2.0.0 to 2.0.9
  • 1.0.0 to 1.0.5

Mitigation

Users of affected versions should apply the following mitigation:

  • Users of 1.0.x should not use whitelabel views for approval and error pages
  • Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later

Credit

This issue was found by David Vieira-Kurz (@secalert) and reported by Oliver Schoenherr on behalf of Immobilien Scout GmbH.

References

History

  • 2016-Jul-05: Initial vulnerability report published
  • 2016-Aug-30: Update credit

Reporting a vulnerability

The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.

To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all