First published: Thu Jan 02 2020(Updated: )
Pivota Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw in the library. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.springframework:spring-web | <6.0.0 | 6.0.0 |
VMware Spring Framework | <6.0.0 | |
IBM QRadar SIEM | <=7.5.0 - 7.5.0 UP6 | |
debian/libspring-java | 4.3.30-1 4.3.30-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-1000027 is a vulnerability in the Pivotal Spring Framework that allows a remote attacker to execute arbitrary code on the system.
CVE-2016-1000027 occurs due to a potential remote code execution (RCE) issue when the Pivotal Spring Framework is used for Java deserialization of untrusted data.
CVE-2016-1000027 has a severity rating of 9.8 (Critical).
The Pivotal Spring Framework versions before 6.0.0, the libspring-java package on Debian, and IBM QRadar SIEM versions 7.5.0 - 7.5.0 UP6 are affected by CVE-2016-1000027.
To fix CVE-2016-1000027, upgrade to Pivotal Spring Framework 6.0.0 or later, update the libspring-java package on Debian to versions 4.3.22-4 or 4.3.30-2, and upgrade IBM QRadar SIEM to a version beyond 7.5.0 UP6.