CVE-2016-4977 Remote Code Execution (RCE) in Spring Security OAuth
Severity
Important
Vendor
Spring by Pivotal
Versions Affected
- 2.0.0 to 2.0.9
- 1.0.0 to 1.0.5
Description
When an authorization request was rendered using the whitelabel views (the default approval and error pages that Spring Security OAuth supplies when an application does not provide its own), the value of the response_type request parameter was evaluated as a Spring Expression Language (SpEL) expression rather than treated as plain data. A malicious user who could submit an authorization request could therefore craft the response_type value so that its evaluation executed arbitrary code on the server (remote code execution).
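The following is an added illustration and is not code from Spring Security OAuth or from the advisory: it reproduces the pattern described above, a request value spliced into the text of a SpEL template and then evaluated, beside a hardened renderer in which the template is constant and the request value enters only as data. The class name, method names and HTML template are assumed for the illustration, and the probe value ${7*7} is a benign expression used in place of any code-executing payload. The hardened form assumes Spring Framework 4.3.15 or later for SimpleEvaluationContext.

```java
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.common.TemplateParserContext;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.web.util.HtmlUtils;

// Illustrative class, not part of Spring Security OAuth.
public class WhitelabelTemplateDemo {

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Template expressions are delimited as ${...}, matching the placeholder
    // style the whitelabel views used (assumed for this illustration).
    private static final TemplateParserContext TEMPLATE = new TemplateParserContext("${", "}");

    // Vulnerable pattern: the request value becomes part of the template text
    // itself, so a "${...}" sequence inside it is parsed and evaluated as SpEL
    // with a full StandardEvaluationContext (type references, method calls, ...).
    static String renderVulnerable(String responseType) {
        String template = "<html><body><h1>OAuth Error</h1><p>Unsupported response type: "
                + responseType + "</p></body></html>";
        Expression expr = PARSER.parseExpression(template, TEMPLATE);
        return expr.getValue(new StandardEvaluationContext(), String.class);
    }

    // Hardened pattern: the template is a constant string and the request value
    // is only reachable as a variable, so it is never parsed as an expression.
    // The evaluation context is the restricted SimpleEvaluationContext (no T()
    // type references, no arbitrary method invocation), and the value is HTML
    // escaped because it is being written into an HTML page.
    static String renderSafe(String responseType) {
        String template = "<html><body><h1>OAuth Error</h1><p>Unsupported response type: "
                + "${#responseType}</p></body></html>";
        Expression expr = PARSER.parseExpression(template, TEMPLATE);
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        ctx.setVariable("responseType", HtmlUtils.htmlEscape(responseType));
        return expr.getValue(ctx, String.class);
    }

    public static void main(String[] args) {
        // Benign probe: a renderer that evaluates the value prints 49 in place
        // of the probe; a renderer that treats it as data reflects it verbatim.
        String probe = "${7*7}";
        System.out.println("vulnerable: " + renderVulnerable(probe));
        System.out.println("hardened:   " + renderSafe(probe));
    }
}
```

The same check works as a low-risk test of a custom error or approval view in an affected deployment: if a response_type containing ${7*7} is reflected as 49 rather than as the literal text, the value is being evaluated as SpEL and the view must not be used until it is fixed.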
Mitigation
Users of affected versions should apply one of the following mitigations:
- Users of 1.0.x should not use the whitelabel views: provide custom approval and error views instead
- Users of 2.0.x should upgrade to 2.0.10 or later, or, until they can upgrade, replace the whitelabel approval and error views with custom views
Credit
This issue was found by David Vieira-Kurz (@secalert) and reported by Oliver Schoenherr on behalf of Immobilien Scout GmbH.
References
History
2016-Jul-05: Initial vulnerability report published
2016-Aug-30: Update credit