FKIE_CVE-2011-2894

Vulnerability from fkie_nvd - Published: 2011-10-04 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
References
secalert@redhat.comhttp://osvdb.org/75263Broken Link
secalert@redhat.comhttp://securityreason.com/securityalert/8405Third Party Advisory
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1334.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/519593/100/0/threadedThird Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/bid/49536Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.springsource.com/security/cve-2011-2894Vendor Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/69687Third Party Advisory, VDB Entry
secalert@redhat.comhttps://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/75263Broken Link
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8405Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-1334.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/519593/100/0/threadedThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/49536Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.springsource.com/security/cve-2011-2894Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/69687Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_security *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2D5E33-C0EB-4E13-8444-3BA67A486B2F",
              "versionEndIncluding": "3.0.5",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70D7978-F4CA-4D4E-BC3A-48DD0ADECA05",
              "versionEndIncluding": "2.0.6",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
    },
    {
      "lang": "es",
      "value": "Spring Framework v3.0.0 hasta la v3.0.5, v3.0.0 hasta la de Spring Security v3.0.5 y v2.0.0 y v2.0.6, y posiblemente otras versiones permite des-serializar objetos de fuentes no fiables, lo que permite a atacantes remotos eludir las restricciones de seguridad existentes y permite la ejecuci\u00f3n de c\u00f3digo no seguro (1) serializando una instancia de java.lang.Proxy y mediante el uso de InvocationHandler, o (2) accediendo a las interfaces internas AOP, como se demuestra con la des-serializaci\u00f3n de una instancia de DefaultListableBeanFactory para ejecutar c\u00f3digo arbitrario a trav\u00e9s de la clase java.lang.Runtime."
    }
  ],
  "id": "CVE-2011-2894",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-04T10:55:09.363",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/75263"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8405"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/49536"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/75263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/49536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.