Permissions, Privileges, and Access Controls in Spring Security and Pivotal Spring Framework - CVE-2016-5007
Published: October 27, 2023
Vulnerability identifier: #VU82532
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-5007
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: VMware, Inc
Pivotal
Affected software:
Spring Security
Pivotal Spring Framework
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists because both Spring Security and the Spring Framework rely on URL pattern mappings, for authorization and for mapping requests to controllers respectively. A remote attacker can exploit this to bypass security restrictions.
How to mitigate CVE-2016-5007
Install updates from vendor's website.