Fluid Attacks Database

Description

Affected versions of this package are vulnerable to Authentication Bypass. The strictness of the Spring Security and the Spring Framework request mapping may differ, which could lead to resources not being secured

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.springframework.security:spring-security-core	>=0 <4.1.1	4.1.1
debian 12	libspring-java	>=0 <4.3.2-1	4.3.2-1
debian 11	libspring-java	>=0 <4.3.2-1	4.3.2-1
debian 14	libspring-java	>=0 <4.3.2-1	4.3.2-1
maven	org.springframework:spring-core	>=0 <4.3.1	4.3.1
debian 13	libspring-java	>=0 <4.3.2-1	4.3.2-1
maven	org.springframework:spring-webmvc	>=3.2.0 <=4.2.9	-
maven	org.springframework.security:spring-security-config	>=3.2.0 <=4.2.9	-
maven	org.springframework.security:spring-security-web	>=3.2.0 <=4.2.9	-

Aliases

1. CVE-2016-50072. NVD-2016-50073. OSV-2016-50074. OSV-DEBIAN-2016-50075. GHSA-8crv-49fr-2h6j6. GCVE-2016-50077. SECURITY-TRACKER-CVE-2016-50078. DB-CVE-2016-5007

References

1. https://github.com/spring-projects/spring-security/issues/39642. https://github.com/spring-projects/spring-framework/commit/a30ab30e4e9ae021fdda04e9abfc228476b846b53. https://github.com/spring-projects/spring-security/commit/e4c13e3c0ee7f06f59d3b43ca6734215ad7d89744. https://pivotal.io/security/cve-2016-50075. https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html6. http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html7. http://www.securityfocus.com/bid/91687

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.