CVE-2016-4977

high-risk
Published 2017-05-25

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

Do I need to act?

!
94.1% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (16)

Affected Vendors

Pivotal

References (12)

http://www.openwall.com/lists/oss-security/2019/10/16/1
https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44...
https://lists.apache.org/thread.html/37d7e820fc65a768de3e096e98382d5529a52a039f0...
https://lists.apache.org/thread.html/5e6dd946635bbcc9e1f2591599ad0fab54f2dc37141...
https://lists.apache.org/thread.html/96c017115069408cec5e82ce1e6293facab398011f6...
Vendor Advisory https://pivotal.io/security/cve-2016-4977
http://www.openwall.com/lists/oss-security/2019/10/16/1
https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44...
https://lists.apache.org/thread.html/37d7e820fc65a768de3e096e98382d5529a52a039f0...
https://lists.apache.org/thread.html/5e6dd946635bbcc9e1f2591599ad0fab54f2dc37141...
https://lists.apache.org/thread.html/96c017115069408cec5e82ce1e6293facab398011f6...
Vendor Advisory https://pivotal.io/security/cve-2016-4977
68
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 20/34 · Moderate
Exposure 18/34 · Moderate