cvelistv5 - cve-2011-2731

CVE-2011-2731 (GCVE-0-2011-2731)

Vulnerability from cvelistv5 – Published: 2012-12-05 17:00 – Updated: 2024-08-06 23:08

Summary

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://support.springsource.com/security/cve-2011-2731	x_refsource_CONFIRM
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814	x_refsource_MISC
	http://secunia.com/advisories/55155	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1029151	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.springsource.com/security/cve-2011-2731"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
          },
          {
            "name": "55155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55155"
          },
          {
            "name": "1029151",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029151"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-11T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.springsource.com/security/cve-2011-2731"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
        },
        {
          "name": "55155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55155"
        },
        {
          "name": "1029151",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029151"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2731",
    "datePublished": "2012-12-05T17:00:00",
    "dateReserved": "2011-07-11T00:00:00",
    "dateUpdated": "2024-08-06T23:08:23.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.0.6\", \"matchCriteriaId\": \"D0758437-7387-404F-9AC8-DFE044F713D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.5\", \"matchCriteriaId\": \"D24B6283-AC10-411C-BC40-FF9CDD4984EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49404CD7-2E0D-479C-AAC4-0B84AEFB724E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D78BB50-F222-46BC-AEAA-8B1DADE2E38C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49CC9A95-6EA8-4F95-BBD1-D306D831636D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F694360-D48E-4ECB-9B32-8A83803E0A68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EE84C44-3D48-4F5B-B168-80F583E84C04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C672302-C952-4EC0-A833-34382F7CC47A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D802BACB-E48F-4430-9C93-5029B596DDBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FED53F75-200C-40F4-A282-E0DBDBDB4DE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DD07175-064C-46D2-B76A-17A642FB7D75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E96BD784-6C39-4FC2-AF5D-C21465D17925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A9A32B-E092-4016-8D63-4CAA52FA8421\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.\"}, {\"lang\": \"es\", \"value\": \"Condici\\u00f3n de carrera en el mecanismo RunAsManager en Mware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 almacena el objeto Authentication en el contexto de seguridad compartida, lo que permite a atacantes remotos ganar privilegios a trav\\u00e9s de un hilo manipulado.\"}]",
      "id": "CVE-2011-2731",
      "lastModified": "2024-11-21T01:28:51.227",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-12-05T17:55:01.460",
      "references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/55155\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.springsource.com/security/cve-2011-2731\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1029151\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/55155\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.springsource.com/security/cve-2011-2731\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1029151\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2731\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-12-05T17:55:01.460\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.\"},{\"lang\":\"es\",\"value\":\"Condici\u00f3n de carrera en el mecanismo RunAsManager en Mware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 almacena el objeto Authentication en el contexto de seguridad compartida, lo que permite a atacantes remotos ganar privilegios a trav\u00e9s de un hilo manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.6\",\"matchCriteriaId\":\"D0758437-7387-404F-9AC8-DFE044F713D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.5\",\"matchCriteriaId\":\"D24B6283-AC10-411C-BC40-FF9CDD4984EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49404CD7-2E0D-479C-AAC4-0B84AEFB724E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D78BB50-F222-46BC-AEAA-8B1DADE2E38C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49CC9A95-6EA8-4F95-BBD1-D306D831636D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F694360-D48E-4ECB-9B32-8A83803E0A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE84C44-3D48-4F5B-B168-80F583E84C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C672302-C952-4EC0-A833-34382F7CC47A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D802BACB-E48F-4430-9C93-5029B596DDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FED53F75-200C-40F4-A282-E0DBDBDB4DE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DD07175-064C-46D2-B76A-17A642FB7D75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E96BD784-6C39-4FC2-AF5D-C21465D17925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A9A32B-E092-4016-8D63-4CAA52FA8421\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/55155\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.springsource.com/security/cve-2011-2731\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1029151\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/55155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.springsource.com/security/cve-2011-2731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1029151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-504

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Spring Framework ont été corrigées. Certaines permettent l'exécution de code arbitraire à distance.

Description

Spring Framework permet le développement d'application Java/JEE.

Plusieurs vulnérabilités de Spring Framework ont été corrigées :

(CVE-2011-2730) une double interprétation d'éléments en langage EL permet à un utilisateur malveillant d'obtenir des informations sans en avoir le droit ;
(CVE-2011-2731) un problème de concurrence dans RunAsManager permet à un utilisateur malveillant d'élever ses privilèges ;
(CVE-2011-2732) une erreur dans le traitement de connexions et des déconnexions permet à un utilisateur malveillant d'injecter du code dans une réponse HTTP ;
(CVE-2011-2894) des erreurs dans la de-serialization d'objets permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Les versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 remédient à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Spring Framework versions 2.x et 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Springsource du 09 septembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSpring Framework versions 2.x et 3.x.\u003c/p\u003e",
  "content": "## Description\n\nSpring Framework permet le d\u00e9veloppement d\u0027application Java/JEE.\n\nPlusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es\u00a0:\n\n-   (CVE-2011-2730) une double interpr\u00e9tation d\u0027\u00e9l\u00e9ments en langage EL\n    permet \u00e0 un utilisateur malveillant d\u0027obtenir des informations sans\n    en avoir le droit\u00a0;\n-   (CVE-2011-2731) un probl\u00e8me de concurrence dans RunAsManager permet\n    \u00e0 un utilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges\u00a0;\n-   (CVE-2011-2732) une erreur dans le traitement de connexions et des\n    d\u00e9connexions permet \u00e0 un utilisateur malveillant d\u0027injecter du code\n    dans une r\u00e9ponse HTTP\u00a0;\n-   (CVE-2011-2894) des erreurs dans la de-serialization d\u0027objets\n    permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nLes versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 rem\u00e9dient \u00e0 ces\nvuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
    },
    {
      "name": "CVE-2011-2730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2730"
    },
    {
      "name": "CVE-2011-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2732"
    },
    {
      "name": "CVE-2011-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2731"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-504",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es.\nCertaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Spring Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Springsource du 09 septembre 2011",
      "url": "http://www.springsource.com/security/cve-2011-2894"
    }
  ]
}

CERTA-2011-AVI-504

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Spring Framework ont été corrigées. Certaines permettent l'exécution de code arbitraire à distance.

Description

Spring Framework permet le développement d'application Java/JEE.

Plusieurs vulnérabilités de Spring Framework ont été corrigées :

(CVE-2011-2730) une double interprétation d'éléments en langage EL permet à un utilisateur malveillant d'obtenir des informations sans en avoir le droit ;
(CVE-2011-2731) un problème de concurrence dans RunAsManager permet à un utilisateur malveillant d'élever ses privilèges ;
(CVE-2011-2732) une erreur dans le traitement de connexions et des déconnexions permet à un utilisateur malveillant d'injecter du code dans une réponse HTTP ;
(CVE-2011-2894) des erreurs dans la de-serialization d'objets permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Les versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 remédient à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Spring Framework versions 2.x et 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Springsource du 09 septembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSpring Framework versions 2.x et 3.x.\u003c/p\u003e",
  "content": "## Description\n\nSpring Framework permet le d\u00e9veloppement d\u0027application Java/JEE.\n\nPlusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es\u00a0:\n\n-   (CVE-2011-2730) une double interpr\u00e9tation d\u0027\u00e9l\u00e9ments en langage EL\n    permet \u00e0 un utilisateur malveillant d\u0027obtenir des informations sans\n    en avoir le droit\u00a0;\n-   (CVE-2011-2731) un probl\u00e8me de concurrence dans RunAsManager permet\n    \u00e0 un utilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges\u00a0;\n-   (CVE-2011-2732) une erreur dans le traitement de connexions et des\n    d\u00e9connexions permet \u00e0 un utilisateur malveillant d\u0027injecter du code\n    dans une r\u00e9ponse HTTP\u00a0;\n-   (CVE-2011-2894) des erreurs dans la de-serialization d\u0027objets\n    permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nLes versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 rem\u00e9dient \u00e0 ces\nvuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
    },
    {
      "name": "CVE-2011-2730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2730"
    },
    {
      "name": "CVE-2011-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2732"
    },
    {
      "name": "CVE-2011-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2731"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-504",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es.\nCertaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Spring Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Springsource du 09 septembre 2011",
      "url": "http://www.springsource.com/security/cve-2011-2894"
    }
  ]
}

GSD-2011-2731

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2731

Aliases

CVE-2011-2731

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2731",
    "description": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.",
    "id": "GSD-2011-2731"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2731"
      ],
      "details": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.",
      "id": "GSD-2011-2731",
      "modified": "2023-12-13T01:19:07.140956Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-2731",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814",
            "refsource": "MISC",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
          },
          {
            "name": "http://secunia.com/advisories/55155",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/55155"
          },
          {
            "name": "http://www.securitytracker.com/id/1029151",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id/1029151"
          },
          {
            "name": "http://support.springsource.com/security/cve-2011-2731",
            "refsource": "MISC",
            "url": "http://support.springsource.com/security/cve-2011-2731"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,2.0.7),[3.0.0,3.0.6)",
          "affected_versions": "All versions before 2.0.7, all versions starting from 3.0.0 before 3.0.6",
          "cvss_v2": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-362",
            "CWE-937"
          ],
          "date": "2022-07-13",
          "description": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.",
          "fixed_versions": [
            "2.0.7",
            "3.0.6"
          ],
          "identifier": "CVE-2011-2731",
          "identifiers": [
            "GHSA-4644-hg35-55m9",
            "CVE-2011-2731"
          ],
          "not_impacted": "All versions starting from 2.0.7 before 3.0.0, all versions starting from 3.0.6",
          "package_slug": "maven/org.springframework.security/spring-security-core",
          "pubdate": "2022-05-17",
          "solution": "Upgrade to versions 2.0.7, 3.0.6 or above.",
          "title": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-2731",
            "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814",
            "http://support.springsource.com/security/cve-2011-2731",
            "https://github.com/advisories/GHSA-4644-hg35-55m9"
          ],
          "uuid": "8d93f7d5-408f-4d0a-b37a-15579f38f745"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2731"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814",
              "refsource": "MISC",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
            },
            {
              "name": "http://support.springsource.com/security/cve-2011-2731",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.springsource.com/security/cve-2011-2731"
            },
            {
              "name": "55155",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/55155"
            },
            {
              "name": "1029151",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1029151"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-10-24T03:32Z",
      "publishedDate": "2012-12-05T17:55Z"
    }
  }
}

FKIE_CVE-2011-2731

Vulnerability from fkie_nvd - Published: 2012-12-05 17:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
secalert@redhat.com	http://secunia.com/advisories/55155
secalert@redhat.com	http://support.springsource.com/security/cve-2011-2731	Vendor Advisory
secalert@redhat.com	http://www.securitytracker.com/id/1029151
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55155
af854a3a-2127-422b-91ae-364da2661108	http://support.springsource.com/security/cve-2011-2731	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029151

Impacted products

Vendor	Product	Version
vmware	springsource_spring_security	*
vmware	springsource_spring_security	*
vmware	springsource_spring_security	2.0.0
vmware	springsource_spring_security	2.0.1
vmware	springsource_spring_security	2.0.2
vmware	springsource_spring_security	2.0.3
vmware	springsource_spring_security	2.0.4
vmware	springsource_spring_security	2.0.5
vmware	springsource_spring_security	3.0.0
vmware	springsource_spring_security	3.0.1
vmware	springsource_spring_security	3.0.2
vmware	springsource_spring_security	3.0.3
vmware	springsource_spring_security	3.0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0758437-7387-404F-9AC8-DFE044F713D8",
              "versionEndIncluding": "2.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24B6283-AC10-411C-BC40-FF9CDD4984EE",
              "versionEndIncluding": "3.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49404CD7-2E0D-479C-AAC4-0B84AEFB724E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D78BB50-F222-46BC-AEAA-8B1DADE2E38C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49CC9A95-6EA8-4F95-BBD1-D306D831636D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F694360-D48E-4ECB-9B32-8A83803E0A68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE84C44-3D48-4F5B-B168-80F583E84C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C672302-C952-4EC0-A833-34382F7CC47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D802BACB-E48F-4430-9C93-5029B596DDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED53F75-200C-40F4-A282-E0DBDBDB4DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD07175-064C-46D2-B76A-17A642FB7D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96BD784-6C39-4FC2-AF5D-C21465D17925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A9A32B-E092-4016-8D63-4CAA52FA8421",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en el mecanismo RunAsManager en Mware SpringSource Spring Security antes de v2.0.7 y v3.0.x antes de v3.0.6 almacena el objeto Authentication en el contexto de seguridad compartida, lo que permite a atacantes remotos ganar privilegios a trav\u00e9s de un hilo manipulado."
    }
  ],
  "id": "CVE-2011-2731",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-12-05T17:55:01.460",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/55155"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.springsource.com/security/cve-2011-2731"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1029151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.springsource.com/security/cve-2011-2731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029151"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4644-HG35-55M9

Vulnerability from github – Published: 2022-05-17 04:59 – Updated: 2022-07-13 17:46

Summary

Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-2731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T17:46:37Z",
    "nvd_published_at": "2012-12-05T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.",
  "id": "GHSA-4644-hg35-55m9",
  "modified": "2022-07-13T17:46:37Z",
  "published": "2022-05-17T04:59:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2731"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-security"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814"
    },
    {
      "type": "WEB",
      "url": "http://support.springsource.com/security/cve-2011-2731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2731 (GCVE-0-2011-2731)

CERTA-2011-AVI-504

Description

Solution

CERTA-2011-AVI-504

Description

Solution

GSD-2011-2731

FKIE_CVE-2011-2731

GHSA-4644-HG35-55M9

Tags

Sightings

Nomenclature