Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security prior to 2.0.7 and 3.0.x prior to 3.0.6 stores the Authentication object in the shared security context, which allows malicious users to gain privileges via a crafted thread.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware springsource spring security 2.0.4 |
||
vmware springsource spring security 2.0.5 |
||
vmware springsource spring security 2.0.2 |
||
vmware springsource spring security 2.0.3 |
||
vmware springsource spring security |
||
vmware springsource spring security 2.0.0 |
||
vmware springsource spring security 2.0.1 |
||
vmware springsource spring security 3.0.3 |
||
vmware springsource spring security 3.0.4 |
||
vmware springsource spring security 3.0.0 |
||
vmware springsource spring security 3.0.1 |
||
vmware springsource spring security 3.0.2 |