PT-2017-8634 · Spring · Spring Security Oauth

David Vieira-Kurz

Published 2017-05-25 · Updated 2019-10-16

CVE-2016-4977

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Spring Security OAuth versions 1.0.0 through 1.0.5
Spring Security OAuth versions 2.0.0 through 2.0.9

Description

A malicious user can trigger remote code execution by crafting the value of the response_type parameter: when an authorization request is processed with the whitelabel views, that value is evaluated as a Spring SpEL expression.

Recommendations

For versions 1.0.0 through 1.0.5 and for versions 2.0.0 through 2.0.9, update to a release that fixes this issue. As a temporary workaround until a patch can be applied, consider restricting the use of the response_type parameter on the affected API endpoint.
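A defensive check in the spirit of the workaround above, added here as an illustrative example (not code from Spring Security OAuth or from the advisory's authors): a servlet filter that rejects authorization requests whose response_type is not a known OAuth 2.0 value before the endpoint ever handles them. The endpoint path /oauth/authorize and the allowed values code and token are assumptions to be adjusted per deployment.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Temporary mitigation for CVE-2016-4977: reject an authorization request whose
// response_type is not a known OAuth 2.0 value before the endpoint (and its
// whitelabel view) ever sees it. Illustrative code, not part of Spring Security OAuth.
public class ResponseTypeAllowlistFilter implements Filter {
    // Assumption: the deployment only issues these grant types; match this to
    // the client registrations actually configured.
    private static final Set<String> ALLOWED = Set.of("code", "token");
    // Assumption: the authorization endpoint path used by this deployment.
    private static final String AUTHORIZE_PATH = "/oauth/authorize";

    static boolean isAllowed(String responseType) {
        // "code token" style combinations are legal OAuth 2.0; every token must be listed.
        for (String part : responseType.trim().split("\\s+")) {
            if (!ALLOWED.contains(part)) {
                return false;
            }
        }
        return true;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (AUTHORIZE_PATH.equals(request.getServletPath())) {
            // Check every supplied value, not only the first, so duplicated parameters cannot slip through.
            String[] values = request.getParameterValues("response_type");
            if (values != null) {
                for (String v : values) {
                    if (!isAllowed(v)) {
                        // Reply with a bare status code and never echo the rejected value back.
                        ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
                        return;
                    }
                }
            }
        }
        chain.doFilter(req, res);
    }
}
```

Register the filter so it runs ahead of the security filter chain; it is a stopgap only, and upgrading to a fixed release remains the actual remedy.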


Weakness Enumeration

Related Identifiers

CVE-2016-4977
GHSA-7Q9C-H23X-65FQ

Affected Products

Spring Security Oauth