CVE-2016-4977
Published: May 25, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the value of the response_type parameter was evaluated as a Spring SpEL expression, which allowed a malicious user to trigger remote code execution by crafting the value of response_type.
| Vendor | Product | Versions |
|---|---|---|
| Pivotal | Spring Security OAuth | affected 2.0.0 to 2.0.9; affected 1.0.0 to 1.0.5 |
References
- https://pivotal.io/security/cve-2016-4977 (x_refsource_CONFIRM)
- [fineract-dev] 20191016 [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0 (mailing-list, x_refsource_MLIST)
- [fineract-dev] 20191016 Re: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0 (mailing-list, x_refsource_MLIST)
- [oss-security] 20191015 Fwd: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0 (mailing-list, x_refsource_MLIST)
- [announce] 20191016 [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0 (mailing-list, x_refsource_MLIST)
- [fineract-dev] 20191021 Re: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0 (mailing-list, x_refsource_MLIST)