Spring Security OAuth2 Vulnerability List
Found 3 vulnerabilities related to Spring Security OAuth2
- CVE-2016-4977: Spring Security OAuth2 Remote Command Execution POC
  Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL, which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.
- CVE-2016-4977: Spring Security OAuth2 Remote Command Execution POC
  Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL, which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.
- Spring Security OAuth2 Remote Command Execution Vulnerability (CVE-2016-4977) No POC
  Spring Security OAuth is a module that provides security authentication support for the Spring framework. When it uses whitelabel views to handle errors, the use of Spring Expression Language (SpEL) allows an attacker who is authorized to execute commands remotely by crafting malicious parameters.