Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2011-2894

Published: 04/10/2011 Updated: 17/07/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Spring Security

Vulnerability Summary

Spring Framework 3.0.0 up to and including 3.0.5, Spring Security 3.0.0 up to and including 3.0.5 and 2.0.0 up to and including 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote malicious users to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware spring security

vmware spring framework

Vendor Advisories

Debian CVElist Bug Report Logs: Spring: Multiple security issues
Debian Bug report logs - #670901 Spring: Multiple security issues Package: libspring-security-20-java; Maintainer for libspring-security-20-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Mon, 30 Apr 2012 07:57:05 UTC ...

Github Repositories

https://github.com/pwntester/SpringBreaker

Exploit PoC for Spring RCE issue (CVE-2011-2894)

SpringBreaker Exploit PoC for Spring RCE issue (CVE-2011-2894)

https://github.com/kajalNair/OSWE-Prep

An OSWE Guide

OSWE-Prep An OSWE Guide WriteUps stacktrac3co/oswe-review-awae-course/ githubcom/wetw0rk/AWAE-PREP] githubcom/timip/OSWE forumhacktheboxeu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside anchorfm/dayzerosec/episodes/Offensive-Securitys-OSWEAWAE--Massive-Security-failures--and-a-handful-of-cool-attacks-e45m85 wwwlin

https://github.com/rahulm2794/API

OSWE-Prep An OSWE Guide WriteUps stacktrac3co/oswe-review-awae-course/ githubcom/wetw0rk/AWAE-PREP] githubcom/timip/OSWE forumhacktheboxeu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside anchorfm/dayzerosec/episodes/Offensive-Securitys-OSWEAWAE--Massive-Security-failures--and-a-handful-of-cool-attacks-e45m85 wwwlin

References

CWE-502http://www.securityfocus.com/bid/49536http://www.springsource.com/security/cve-2011-2894http://osvdb.org/75263http://www.redhat.com/support/errata/RHSA-2011-1334.htmlhttp://securityreason.com/securityalert/8405https://exchange.xforce.ibmcloud.com/vulnerabilities/69687http://www.securityfocus.com/archive/1/519593/100/0/threadedhttps://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670901https://nvd.nist.govhttps://github.com/pwntester/SpringBreaker
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook