Vulnerability CVE-2011-2894


Published: 2011-10-04   Modified: 2012-02-13

Description:
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Spring Framework and Spring Security serialization-based remoting vulnerabilities
s2-security
05.10.2011

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Vmware -> Springsource spring framework 
Vmware -> Springsource spring security 

 References:
http://securityreason.com/securityalert/8405
http://www.redhat.com/support/errata/RHSA-2011-1334.html
http://www.securityfocus.com/archive/1/519593/100/0/threaded
http://www.securityfocus.com/bid/49536
http://www.springsource.com/security/cve-2011-2894
https://exchange.xforce.ibmcloud.com/vulnerabilities/69687

Copyright 2024, cxsecurity.com

 

Back to Top