CVE-2016-4977
First published: Thu May 25 2017(Updated: )
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.springframework.security.oauth:spring-security-oauth2 | >=1.0.0<1.0.5 | 1.0.5 |
| maven/org.springframework.security.oauth:spring-security-oauth2 | >=2.0.0<2.0.10 | 2.0.10 |
| Pivotal Software Spring Security | =1.0.0 | |
| Pivotal Software Spring Security | =1.0.1 | |
| Pivotal Software Spring Security | =1.0.2 | |
| Pivotal Software Spring Security | =1.0.3 | |
| Pivotal Software Spring Security | =1.0.4 | |
| Pivotal Software Spring Security | =1.0.5 | |
| Pivotal Software Spring Security | =2.0.0 | |
| Pivotal Software Spring Security | =2.0.1 | |
| Pivotal Software Spring Security | =2.0.2 | |
| Pivotal Software Spring Security | =2.0.3 | |
| Pivotal Software Spring Security | =2.0.4 | |
| Pivotal Software Spring Security | =2.0.5 | |
| Pivotal Software Spring Security | =2.0.6 | |
| Pivotal Software Spring Security | =2.0.7 | |
| Pivotal Software Spring Security | =2.0.8 | |
| Pivotal Software Spring Security | =2.0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2019/10/16/1
- https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44be48022ce3488@%3Cdev.fineract.apache.org%3E
- https://lists.apache.org/thread.html/37d7e820fc65a768de3e096e98382d5529a52a039f093e59357d0bc0@%3Cdev.fineract.apache.org%3E
- https://lists.apache.org/thread.html/5e6dd946635bbcc9e1f2591599ad0fab54f2dc3714196af3b17893f2@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/96c017115069408cec5e82ce1e6293facab398011f6db7e1befbe274@%3Cdev.fineract.apache.org%3E
- https://pivotal.io/security/cve-2016-4977
- https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44be48022ce3488%40%3Cdev.fineract.apache.org%3E
- https://lists.apache.org/thread.html/37d7e820fc65a768de3e096e98382d5529a52a039f093e59357d0bc0%40%3Cdev.fineract.apache.org%3E
- https://lists.apache.org/thread.html/5e6dd946635bbcc9e1f2591599ad0fab54f2dc3714196af3b17893f2%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/96c017115069408cec5e82ce1e6293facab398011f6db7e1befbe274%40%3Cdev.fineract.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2016-4977
- https://github.com/advisories/GHSA-7q9c-h23x-65fq (Advisory)
Frequently Asked Questions
What is the severity of CVE-2016-4977?
CVE-2016-4977 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2016-4977?
To mitigate CVE-2016-4977, upgrade to Spring Security OAuth version 1.0.6 or 2.0.10 or later.
What are the affected versions in CVE-2016-4977?
CVE-2016-4977 affects Spring Security OAuth versions from 1.0.0 to 1.0.5 and from 2.0.0 to 2.0.9.
What is the primary risk associated with CVE-2016-4977?
The primary risk associated with CVE-2016-4977 is the ability for attackers to execute arbitrary code on the server.
Can CVE-2016-4977 be exploited without user interaction?
Yes, CVE-2016-4977 can be exploited remotely without the need for user interaction.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-7q9c-h23x-65fq
- alias/CVE-2016-4977
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/maven
- vendor/pivotal
- canonical/pivotal software spring security
- version/pivotal software spring security/1.0.0
- version/pivotal software spring security/1.0.1
- version/pivotal software spring security/1.0.2
- version/pivotal software spring security/1.0.3
- version/pivotal software spring security/1.0.4
- version/pivotal software spring security/1.0.5
- version/pivotal software spring security/2.0.0
- version/pivotal software spring security/2.0.1
- version/pivotal software spring security/2.0.2
- version/pivotal software spring security/2.0.3
- version/pivotal software spring security/2.0.4
- version/pivotal software spring security/2.0.5
- version/pivotal software spring security/2.0.6
- version/pivotal software spring security/2.0.7
- version/pivotal software spring security/2.0.8
- version/pivotal software spring security/2.0.9