#VU82532 Permissions, Privileges, and Access Controls in Spring Security and Pivotal Spring Framework - CVE-2016-5007
Published: October 27, 2023
Vulnerability identifier: #VU82532
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-5007
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Spring Security
Pivotal Spring Framework
Spring Security
Pivotal Spring Framework
Software vendor:
VMware, Inc
Pivotal
VMware, Inc
Pivotal
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to both Spring Security and the Spring Framework rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. A remote attacker can trigger the vulnerability to bypass security restrictions.
Remediation
Install updates from vendor's website.