Vulnerability Description
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the value of the response_type request parameter was evaluated as a Spring Expression Language (SpEL) expression. A user who could reach the authorization endpoint could therefore achieve remote code execution on the server by placing a crafted SpEL expression in the response_type value.
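The pattern behind the description, as an added illustration that is not Spring Security OAuth's own code: the vulnerable method concatenates the raw response_type into page text and then parses the whole page as a SpEL template, so a `${...}` sequence in the parameter is evaluated; the hardened method keeps the template constant and passes user data only as an HTML-escaped variable value. The template text, method names, the `${`/`}` delimiter choice and the probe payload are assumptions made for this example; it needs spring-expression and spring-web on the classpath.

```java
import org.springframework.expression.Expression;
import org.springframework.expression.common.TemplateParserContext;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.web.util.HtmlUtils;

/**
 * Illustrative reconstruction of the CVE-2016-4977 pattern; not the
 * project's own code. Requires spring-expression and spring-web.
 */
public class WhitelabelSpelDemo {

    // Using ${...} as the placeholder delimiter is an assumption for this demo.
    private static final TemplateParserContext PLACEHOLDERS = new TemplateParserContext("${", "}");
    private static final SpelExpressionParser PARSER = new SpelExpressionParser();

    /**
     * Vulnerable pattern: the error text, which embeds the raw response_type
     * value, is concatenated into the page, and the whole page is then parsed
     * as a SpEL template. Any ${...} the client put into response_type is
     * therefore evaluated on the server.
     */
    public static String renderVulnerable(String responseType) {
        String errorMessage = "Unsupported response types: [" + responseType + "]";
        String page = "<html><body><h1>OAuth Error</h1><p>" + errorMessage + "</p></body></html>";
        Expression expr = PARSER.parseExpression(page, PLACEHOLDERS);
        return expr.getValue(new StandardEvaluationContext(), String.class);
    }

    /**
     * Hardened pattern: the template is a compile-time constant, user data is
     * handed to SpEL only as a variable value (never parsed as an expression),
     * and it is HTML-escaped before it reaches the page.
     */
    public static String renderHardened(String responseType) {
        String page = "<html><body><h1>OAuth Error</h1><p>${#errorMessage}</p></body></html>";
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        ctx.setVariable("errorMessage",
                HtmlUtils.htmlEscape("Unsupported response types: [" + responseType + "]"));
        return PARSER.parseExpression(page, PLACEHOLDERS).getValue(ctx, String.class);
    }

    public static void main(String[] args) {
        // Benign probe payload (constructed for the demo): if the server
        // evaluates it, the arithmetic result replaces the literal text.
        String payload = "${7*191}";
        String vulnerable = renderVulnerable(payload);
        String hardened = renderHardened(payload);
        System.out.println("vulnerable: " + vulnerable);
        System.out.println("hardened:   " + hardened);
        // The vulnerable page contains the evaluated value; the hardened page
        // still contains the literal placeholder text.
        if (!vulnerable.contains("1337") || hardened.contains("1337")) {
            throw new AssertionError("demo did not behave as expected");
        }
    }
}
```

A harmless arithmetic probe like the one above is the usual way to confirm server-side evaluation before anything else; once `${...}` is evaluated, the same position accepts arbitrary SpEL, which is why this is rated as remote code execution rather than injection of page text.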
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pivotal | Spring Security OAuth | 2.0.0 to 2.0.9 |
| Pivotal | Spring Security OAuth | 1.0.0 to 1.0.5 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/10/16/1
- https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44
- https://lists.apache.org/thread.html/37d7e820fc65a768de3e096e98382d5529a52a039f0
- https://lists.apache.org/thread.html/5e6dd946635bbcc9e1f2591599ad0fab54f2dc37141
- https://lists.apache.org/thread.html/96c017115069408cec5e82ce1e6293facab398011f6
- https://pivotal.io/security/cve-2016-4977 (Vendor Advisory)
FAQ
What is CVE-2016-4977?
CVE-2016-4977 is a vulnerability with a CVSS score of 8.8 (HIGH). When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was evaluated as Spring SpEL, which enabled a malicious user to trigger remote code execution via a crafted value for response_type.
How severe is CVE-2016-4977?
CVE-2016-4977 has been rated HIGH with a CVSS base score of 8.8/10. This page records only the base score and rating, not the individual CVSS metrics.
Is there a patch for CVE-2016-4977?
Yes. The fixed releases are Spring Security OAuth 2.0.10 for the 2.0.x line and 1.0.6 for the 1.0.x line; see the vendor advisory in the references section above. Affected products: Pivotal Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5.