Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-4977: Spring Security OAuth vulnerability

CWE-19 | 6 documents | 6 sources

Severity: 8.8 HIGH (NVD)
EPSS: 93.7% (top 0.16%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 25; latest update Oct 18

Description

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL, which enabled a malicious user to trigger remote code execution by crafting the value of response_type.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: pivotal/spring_security_oauth, 1.0.0 to 1.0.5, 2.0.0 to 2.0.9 (+1)
NVD: pivotal/spring_security_oauth, 16 versions (+15)

🔴 Vulnerability Details (4)

GHSA: Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views (2018-10-18)
OSV: Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views (2018-10-18)
CVEList: CVE-2016-4977: When processing authorization requests using the whitelabel views in Spring Security OAuth 2 (2017-05-25)
VulnCheck: Spring Security OAuth response_type Parameter Vulnerability (2016)

💥 Exploits & PoCs (1)

Nuclei: Spring Security OAuth2 Remote Command Execution