CVE-2016-4977

Published: 25/05/2017 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the value of the response_type parameter was evaluated as a Spring Expression Language (SpEL) expression, which enabled a malicious user to trigger remote code execution by crafting the value of response_type.

Vulnerability Trend

Vulnerable Products

pivotal spring security oauth 1.0.0
pivotal spring security oauth 1.0.1
pivotal spring security oauth 1.0.2
pivotal spring security oauth 1.0.3
pivotal spring security oauth 1.0.4
pivotal spring security oauth 1.0.5
pivotal spring security oauth 2.0.0
pivotal spring security oauth 2.0.1
pivotal spring security oauth 2.0.2
pivotal spring security oauth 2.0.3
pivotal spring security oauth 2.0.4
pivotal spring security oauth 2.0.5
pivotal spring security oauth 2.0.6
pivotal spring security oauth 2.0.7
pivotal spring security oauth 2.0.8
pivotal spring security oauth 2.0.9

Github Repositories

OAuth2.0 and OpenID from an information security perspective

Awesome OAuth 2.0 and OpenID Connect Security: OAuth 2.0 and OpenID from an information security perspective. Specifications: The OAuth 2.0 Authorization Framework (RFC 6749); OAuth 2.0 Threat Model and Security Considerations (RFC 6819). Articles: OAuth 2 Simplified; OAuth 2.0 Diagrams And Movies Of All The OAuth 2.0 Flows; Which OAuth 2.0 Flow Should I Use? Publications about OAuth &a