Description
Kayran has detected that the Version of Spring Security OAuth being used is vulnerable to Remote Code Executions.
When processing authorization requests using the ‘whitelabel’ views in the versions being used, the ‘response_type’ parameter value is being executed as a Spring SpEL.
CVE-2016-4977 is categorized as a ‘Data Processing Error’ vulnerability (CWE-19).
Weaknesses in this category are typically found in everything related to the functionality that processes data.
Data processing is the manipulation of input to retrieve or save information.
Attackers could abuse it to trigger remote code executions through the crafting of the value for the ‘response_type’ parameter.
That could assist attackers in obtaining sensitive information (Information Disclosure).
There’s a chance that this vulnerability will allow attackers to modify system files and information.
It could also lead to a decrease in performance and interruptions in the availability of resources.
Recommendation
To fix CVE-2016-4977, upgrade the version of Spring Security OAuth being used to 2.0.10 or higher.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4977
