cvelistv5 - cve-2011-2894

CVE-2011-2894 (GCVE-0-2011-2894)

Vulnerability from cvelistv5 – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:15

Summary

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.springsource.com/security/cve-2011-2894	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/49536	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/519593/100…	mailing-listx_refsource_BUGTRAQ
	http://www.redhat.com/support/errata/RHSA-2011-13…	vendor-advisoryx_refsource_REDHAT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securityreason.com/securityalert/8405	third-party-advisoryx_refsource_SREASON
	http://osvdb.org/75263	vdb-entryx_refsource_OSVDB
	https://web.archive.org/web/20120307233721/http:/…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:31.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.springsource.com/security/cve-2011-2894"
          },
          {
            "name": "49536",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49536"
          },
          {
            "name": "20110909 CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
          },
          {
            "name": "RHSA-2011:1334",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
          },
          {
            "name": "spring-framework-object-sec-bypass(69687)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
          },
          {
            "name": "8405",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8405"
          },
          {
            "name": "75263",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75263"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-17T19:35:42",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.springsource.com/security/cve-2011-2894"
        },
        {
          "name": "49536",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49536"
        },
        {
          "name": "20110909 CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
        },
        {
          "name": "RHSA-2011:1334",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
        },
        {
          "name": "spring-framework-object-sec-bypass(69687)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
        },
        {
          "name": "8405",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8405"
        },
        {
          "name": "75263",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75263"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2894",
    "datePublished": "2011-10-04T10:00:00",
    "dateReserved": "2011-07-27T00:00:00",
    "dateUpdated": "2024-08-06T23:15:31.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.0.5\", \"matchCriteriaId\": \"5B2D5E33-C0EB-4E13-8444-3BA67A486B2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndIncluding\": \"2.0.6\", \"matchCriteriaId\": \"E70D7978-F4CA-4D4E-BC3A-48DD0ADECA05\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.\"}, {\"lang\": \"es\", \"value\": \"Spring Framework v3.0.0 hasta la v3.0.5, v3.0.0 hasta la de Spring Security v3.0.5 y v2.0.0 y v2.0.6, y posiblemente otras versiones permite des-serializar objetos de fuentes no fiables, lo que permite a atacantes remotos eludir las restricciones de seguridad existentes y permite la ejecuci\\u00f3n de c\\u00f3digo no seguro (1) serializando una instancia de java.lang.Proxy y mediante el uso de InvocationHandler, o (2) accediendo a las interfaces internas AOP, como se demuestra con la des-serializaci\\u00f3n de una instancia de DefaultListableBeanFactory para ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de la clase java.lang.Runtime.\"}]",
      "id": "CVE-2011-2894",
      "lastModified": "2024-11-21T01:29:13.193",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-10-04T10:55:09.363",
      "references": "[{\"url\": \"http://osvdb.org/75263\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securityreason.com/securityalert/8405\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-1334.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/519593/100/0/threaded\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/49536\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.springsource.com/security/cve-2011-2894\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/69687\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://osvdb.org/75263\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://securityreason.com/securityalert/8405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-1334.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/519593/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/49536\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.springsource.com/security/cve-2011-2894\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/69687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2894\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-10-04T10:55:09.363\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.\"},{\"lang\":\"es\",\"value\":\"Spring Framework v3.0.0 hasta la v3.0.5, v3.0.0 hasta la de Spring Security v3.0.5 y v2.0.0 y v2.0.6, y posiblemente otras versiones permite des-serializar objetos de fuentes no fiables, lo que permite a atacantes remotos eludir las restricciones de seguridad existentes y permite la ejecuci\u00f3n de c\u00f3digo no seguro (1) serializando una instancia de java.lang.Proxy y mediante el uso de InvocationHandler, o (2) accediendo a las interfaces internas AOP, como se demuestra con la des-serializaci\u00f3n de una instancia de DefaultListableBeanFactory para ejecutar c\u00f3digo arbitrario a trav\u00e9s de la clase java.lang.Runtime.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.0.5\",\"matchCriteriaId\":\"5B2D5E33-C0EB-4E13-8444-3BA67A486B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.0.6\",\"matchCriteriaId\":\"E70D7978-F4CA-4D4E-BC3A-48DD0ADECA05\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/75263\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/8405\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1334.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/519593/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/49536\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.springsource.com/security/cve-2011-2894\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/69687\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/75263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/8405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1334.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/519593/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/49536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.springsource.com/security/cve-2011-2894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/69687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2011_1334

Vulnerability from csaf_redhat - Published: 2011-09-22 16:54 - Updated: 2024-11-22 04:40

Summary

Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update

Notes

Topic

Updated Spring Framework 3 files for JBoss Enterprise SOA Platform 5.1.0 that fix multiple security issues are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and CEP) integration methodologies to dramatically improve business process execution speed and quality. Multiple flaws were found in the way Spring Framework 3 deserialized certain Java objects. If an attacker were able to control the stream from which an application with the Spring Framework 3 AOP in its class-path was deserializing objects, they could use these flaws to execute arbitrary code with the privileges of the JBoss Application Server process via a specially-crafted, serialized Java object. (CVE-2011-2894) Note: JBoss Enterprise SOA Platform does not expose applications that deserialize objects from an untrusted source by default. These flaws would affect applications configured to trust a malicious source, for example, if the messaging service was configured to look up a remote messaging queue, and an attacker had control of that queue. All users of JBoss Enterprise SOA Platform 5.1.0 as provided from the Red Hat Customer Portal are advised to install this update. Refer to the Solution section for information about installing the update.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Spring Framework 3 files for JBoss Enterprise SOA Platform 5.1.0\nthat fix multiple security issues are now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure. JBoss Enterprise SOA Platform allows IT\nto leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future\n(EDA and CEP) integration methodologies to dramatically improve business\nprocess execution speed and quality.\n\nMultiple flaws were found in the way Spring Framework 3 deserialized\ncertain Java objects. If an attacker were able to control the stream from\nwhich an application with the Spring Framework 3 AOP in its class-path was\ndeserializing objects, they could use these flaws to execute arbitrary code\nwith the privileges of the JBoss Application Server process via a\nspecially-crafted, serialized Java object. (CVE-2011-2894)\n\nNote: JBoss Enterprise SOA Platform does not expose applications that\ndeserialize objects from an untrusted source by default. These flaws would\naffect applications configured to trust a malicious source, for example,\nif the messaging service was configured to look up a remote messaging\nqueue, and an attacker had control of that queue.\n\nAll users of JBoss Enterprise SOA Platform 5.1.0 as provided from the Red\nHat Customer Portal are advised to install this update. Refer to the\nSolution section for information about installing the update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:1334",
        "url": "https://access.redhat.com/errata/RHSA-2011:1334"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.1.0+GA",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.1.0+GA"
      },
      {
        "category": "external",
        "summary": "737611",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737611"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1334.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update",
    "tracking": {
      "current_release_date": "2024-11-22T04:40:53+00:00",
      "generator": {
        "date": "2024-11-22T04:40:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2011:1334",
      "initial_release_date": "2011-09-22T16:54:00+00:00",
      "revision_history": [
        {
          "date": "2011-09-22T16:54:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-09-22T13:04:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T04:40:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss SOA Platform 5.1",
                "product": {
                  "name": "Red Hat JBoss SOA Platform 5.1",
                  "product_id": "Red Hat JBoss SOA Platform 5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_soa_platform:5.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Middleware"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-2894",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2011-09-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "737611"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss SOA Platform 5.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-2894"
        },
        {
          "category": "external",
          "summary": "RHBZ#737611",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737611"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-2894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894"
        }
      ],
      "release_date": "2011-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-09-22T16:54:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nIf you have created custom applications that are packaged with a copy of\nthe Spring Framework 3 library, those applications must be rebuilt with the\nSpring Framework 3 files provided by this update.\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss SOA Platform 5.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:1334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss SOA Platform 5.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization"
    }
  ]
}

RHSA-2011:1334

Vulnerability from csaf_redhat - Published: 2011-09-22 16:54 - Updated: 2025-11-21 17:39

Summary

Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Spring Framework 3 files for JBoss Enterprise SOA Platform 5.1.0\nthat fix multiple security issues are now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure. JBoss Enterprise SOA Platform allows IT\nto leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future\n(EDA and CEP) integration methodologies to dramatically improve business\nprocess execution speed and quality.\n\nMultiple flaws were found in the way Spring Framework 3 deserialized\ncertain Java objects. If an attacker were able to control the stream from\nwhich an application with the Spring Framework 3 AOP in its class-path was\ndeserializing objects, they could use these flaws to execute arbitrary code\nwith the privileges of the JBoss Application Server process via a\nspecially-crafted, serialized Java object. (CVE-2011-2894)\n\nNote: JBoss Enterprise SOA Platform does not expose applications that\ndeserialize objects from an untrusted source by default. These flaws would\naffect applications configured to trust a malicious source, for example,\nif the messaging service was configured to look up a remote messaging\nqueue, and an attacker had control of that queue.\n\nAll users of JBoss Enterprise SOA Platform 5.1.0 as provided from the Red\nHat Customer Portal are advised to install this update. Refer to the\nSolution section for information about installing the update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:1334",
        "url": "https://access.redhat.com/errata/RHSA-2011:1334"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.1.0+GA",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.1.0+GA"
      },
      {
        "category": "external",
        "summary": "737611",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737611"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1334.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:39:00+00:00",
      "generator": {
        "date": "2025-11-21T17:39:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2011:1334",
      "initial_release_date": "2011-09-22T16:54:00+00:00",
      "revision_history": [
        {
          "date": "2011-09-22T16:54:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-09-22T13:04:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:39:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss SOA Platform 5.1",
                "product": {
                  "name": "Red Hat JBoss SOA Platform 5.1",
                  "product_id": "Red Hat JBoss SOA Platform 5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_soa_platform:5.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Middleware"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-2894",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2011-09-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "737611"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss SOA Platform 5.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-2894"
        },
        {
          "category": "external",
          "summary": "RHBZ#737611",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737611"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-2894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894"
        }
      ],
      "release_date": "2011-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-09-22T16:54:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nIf you have created custom applications that are packaged with a copy of\nthe Spring Framework 3 library, those applications must be rebuilt with the\nSpring Framework 3 files provided by this update.\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss SOA Platform 5.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:1334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss SOA Platform 5.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization"
    }
  ]
}

GHSA-F866-M9MV-2XR3

Vulnerability from github – Published: 2022-05-14 02:54 – Updated: 2024-03-14 21:21

Summary

Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-2894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T17:57:50Z",
    "nvd_published_at": "2011-10-04T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
  "id": "GHSA-f866-m9mv-2xr3",
  "modified": "2024-03-14T21:21:36Z",
  "published": "2022-05-14T02:54:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-framework"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/75263"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8405"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/49536"
    },
    {
      "type": "WEB",
      "url": "http://www.springsource.com/security/cve-2011-2894"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data"
}

FKIE_CVE-2011-2894

Vulnerability from fkie_nvd - Published: 2011-10-04 10:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://osvdb.org/75263	Broken Link
secalert@redhat.com	http://securityreason.com/securityalert/8405	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-1334.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/519593/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/49536	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.springsource.com/security/cve-2011-2894	Vendor Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/69687	Third Party Advisory, VDB Entry
secalert@redhat.com	https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/75263	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8405	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-1334.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/519593/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49536	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.springsource.com/security/cve-2011-2894	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/69687	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894

Impacted products

	Vendor	Product	Version
	vmware	spring_framework	*
	vmware	spring_security	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2D5E33-C0EB-4E13-8444-3BA67A486B2F",
              "versionEndIncluding": "3.0.5",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70D7978-F4CA-4D4E-BC3A-48DD0ADECA05",
              "versionEndIncluding": "2.0.6",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
    },
    {
      "lang": "es",
      "value": "Spring Framework v3.0.0 hasta la v3.0.5, v3.0.0 hasta la de Spring Security v3.0.5 y v2.0.0 y v2.0.6, y posiblemente otras versiones permite des-serializar objetos de fuentes no fiables, lo que permite a atacantes remotos eludir las restricciones de seguridad existentes y permite la ejecuci\u00f3n de c\u00f3digo no seguro (1) serializando una instancia de java.lang.Proxy y mediante el uso de InvocationHandler, o (2) accediendo a las interfaces internas AOP, como se demuestra con la des-serializaci\u00f3n de una instancia de DefaultListableBeanFactory para ejecutar c\u00f3digo arbitrario a trav\u00e9s de la clase java.lang.Runtime."
    }
  ],
  "id": "CVE-2011-2894",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-04T10:55:09.363",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/75263"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8405"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/49536"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/75263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/49536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-2894

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2894

Aliases

CVE-2011-2894

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2894",
    "description": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
    "id": "GSD-2011-2894",
    "references": [
      "https://access.redhat.com/errata/RHSA-2011:1334"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2894"
      ],
      "details": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
      "id": "GSD-2011-2894",
      "modified": "2023-12-13T01:19:07.080173Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-2894",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://osvdb.org/75263",
            "refsource": "MISC",
            "url": "http://osvdb.org/75263"
          },
          {
            "name": "http://securityreason.com/securityalert/8405",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/8405"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-1334.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/519593/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/49536",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/49536"
          },
          {
            "name": "http://www.springsource.com/security/cve-2011-2894",
            "refsource": "MISC",
            "url": "http://www.springsource.com/security/cve-2011-2894"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
          },
          {
            "name": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894",
            "refsource": "MISC",
            "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.0.0,2.0.7),[3.0.0,3.0.6)",
          "affected_versions": "All versions starting from 2.0.0 before 2.0.7, all versions starting from 3.0.0 before 3.0.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-07-20",
          "description": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
          "fixed_versions": [
            "2.0.7",
            "3.0.6"
          ],
          "identifier": "CVE-2011-2894",
          "identifiers": [
            "GHSA-f866-m9mv-2xr3",
            "CVE-2011-2894"
          ],
          "not_impacted": "All versions before 2.0.0, all versions starting from 2.0.7 before 3.0.0, all versions starting from 3.0.6",
          "package_slug": "maven/org.springframework.security/spring-security-core",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to versions 2.0.7, 3.0.6 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-2894",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687",
            "http://securityreason.com/securityalert/8405",
            "http://www.redhat.com/support/errata/RHSA-2011-1334.html",
            "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894",
            "http://osvdb.org/75263",
            "http://www.securityfocus.com/archive/1/519593/100/0/threaded",
            "http://www.securityfocus.com/bid/49536",
            "http://www.springsource.com/security/cve-2011-2894",
            "https://github.com/advisories/GHSA-f866-m9mv-2xr3"
          ],
          "uuid": "c4589e88-0ecb-4ff2-b605-cbb1301713af"
        },
        {
          "affected_range": "[3.0.0,3.0.6)",
          "affected_versions": "All versions starting from 3.0.0 before 3.0.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-07-20",
          "description": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
          "fixed_versions": [
            "3.0.6"
          ],
          "identifier": "CVE-2011-2894",
          "identifiers": [
            "GHSA-f866-m9mv-2xr3",
            "CVE-2011-2894"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.0.6",
          "package_slug": "maven/org.springframework/spring-core",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to version 3.0.6 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-2894",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687",
            "http://securityreason.com/securityalert/8405",
            "http://www.redhat.com/support/errata/RHSA-2011-1334.html",
            "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894",
            "http://osvdb.org/75263",
            "http://www.securityfocus.com/archive/1/519593/100/0/threaded",
            "http://www.securityfocus.com/bid/49536",
            "http://www.springsource.com/security/cve-2011-2894",
            "https://github.com/advisories/GHSA-f866-m9mv-2xr3"
          ],
          "uuid": "2d68ce32-8884-4fa5-82bf-48008eb2f3d5"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.6",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.5",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2894"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "49536",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/49536"
            },
            {
              "name": "http://www.springsource.com/security/cve-2011-2894",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.springsource.com/security/cve-2011-2894"
            },
            {
              "name": "75263",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/75263"
            },
            {
              "name": "RHSA-2011:1334",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
            },
            {
              "name": "8405",
              "refsource": "SREASON",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://securityreason.com/securityalert/8405"
            },
            {
              "name": "spring-framework-object-sec-bypass(69687)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
            },
            {
              "name": "20110909 CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
            },
            {
              "name": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894",
              "refsource": "MISC",
              "tags": [],
              "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2022-07-17T20:15Z",
      "publishedDate": "2011-10-04T10:55Z"
    }
  }
}

CERTA-2011-AVI-504

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Spring Framework ont été corrigées. Certaines permettent l'exécution de code arbitraire à distance.

Description

Spring Framework permet le développement d'application Java/JEE.

Plusieurs vulnérabilités de Spring Framework ont été corrigées :

(CVE-2011-2730) une double interprétation d'éléments en langage EL permet à un utilisateur malveillant d'obtenir des informations sans en avoir le droit ;
(CVE-2011-2731) un problème de concurrence dans RunAsManager permet à un utilisateur malveillant d'élever ses privilèges ;
(CVE-2011-2732) une erreur dans le traitement de connexions et des déconnexions permet à un utilisateur malveillant d'injecter du code dans une réponse HTTP ;
(CVE-2011-2894) des erreurs dans la de-serialization d'objets permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Les versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 remédient à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Spring Framework versions 2.x et 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Springsource du 09 septembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSpring Framework versions 2.x et 3.x.\u003c/p\u003e",
  "content": "## Description\n\nSpring Framework permet le d\u00e9veloppement d\u0027application Java/JEE.\n\nPlusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es\u00a0:\n\n-   (CVE-2011-2730) une double interpr\u00e9tation d\u0027\u00e9l\u00e9ments en langage EL\n    permet \u00e0 un utilisateur malveillant d\u0027obtenir des informations sans\n    en avoir le droit\u00a0;\n-   (CVE-2011-2731) un probl\u00e8me de concurrence dans RunAsManager permet\n    \u00e0 un utilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges\u00a0;\n-   (CVE-2011-2732) une erreur dans le traitement de connexions et des\n    d\u00e9connexions permet \u00e0 un utilisateur malveillant d\u0027injecter du code\n    dans une r\u00e9ponse HTTP\u00a0;\n-   (CVE-2011-2894) des erreurs dans la de-serialization d\u0027objets\n    permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nLes versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 rem\u00e9dient \u00e0 ces\nvuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
    },
    {
      "name": "CVE-2011-2730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2730"
    },
    {
      "name": "CVE-2011-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2732"
    },
    {
      "name": "CVE-2011-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2731"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-504",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es.\nCertaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Spring Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Springsource du 09 septembre 2011",
      "url": "http://www.springsource.com/security/cve-2011-2894"
    }
  ]
}

CERTA-2011-AVI-504

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de Spring Framework ont été corrigées. Certaines permettent l'exécution de code arbitraire à distance.

Description

Spring Framework permet le développement d'application Java/JEE.

Plusieurs vulnérabilités de Spring Framework ont été corrigées :

(CVE-2011-2730) une double interprétation d'éléments en langage EL permet à un utilisateur malveillant d'obtenir des informations sans en avoir le droit ;
(CVE-2011-2731) un problème de concurrence dans RunAsManager permet à un utilisateur malveillant d'élever ses privilèges ;
(CVE-2011-2732) une erreur dans le traitement de connexions et des déconnexions permet à un utilisateur malveillant d'injecter du code dans une réponse HTTP ;
(CVE-2011-2894) des erreurs dans la de-serialization d'objets permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Les versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 remédient à ces vulnérabilités.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Spring Framework versions 2.x et 3.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Springsource du 09 septembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSpring Framework versions 2.x et 3.x.\u003c/p\u003e",
  "content": "## Description\n\nSpring Framework permet le d\u00e9veloppement d\u0027application Java/JEE.\n\nPlusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es\u00a0:\n\n-   (CVE-2011-2730) une double interpr\u00e9tation d\u0027\u00e9l\u00e9ments en langage EL\n    permet \u00e0 un utilisateur malveillant d\u0027obtenir des informations sans\n    en avoir le droit\u00a0;\n-   (CVE-2011-2731) un probl\u00e8me de concurrence dans RunAsManager permet\n    \u00e0 un utilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges\u00a0;\n-   (CVE-2011-2732) une erreur dans le traitement de connexions et des\n    d\u00e9connexions permet \u00e0 un utilisateur malveillant d\u0027injecter du code\n    dans une r\u00e9ponse HTTP\u00a0;\n-   (CVE-2011-2894) des erreurs dans la de-serialization d\u0027objets\n    permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\n    arbitraire \u00e0 distance.\n\n## Solution\n\nLes versions 2.0.7, 2.5.6.SEC03, 2.5.7.SR02 et 3.0.6 rem\u00e9dient \u00e0 ces\nvuln\u00e9rabilit\u00e9s.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
    },
    {
      "name": "CVE-2011-2730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2730"
    },
    {
      "name": "CVE-2011-2732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2732"
    },
    {
      "name": "CVE-2011-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2731"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-504",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de Spring Framework ont \u00e9t\u00e9 corrig\u00e9es.\nCertaines permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Spring Framework",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Springsource du 09 septembre 2011",
      "url": "http://www.springsource.com/security/cve-2011-2894"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2894 (GCVE-0-2011-2894)

RHSA-2011_1334

RHSA-2011:1334

GHSA-F866-M9MV-2XR3

FKIE_CVE-2011-2894

GSD-2011-2894

CERTA-2011-AVI-504

Description

Solution

CERTA-2011-AVI-504

Description

Solution

Tags

Sightings

Nomenclature