CVE-2016-4977 – Spring Security OAuth2

Description

Kayran has detected that the version of Spring Security OAuth in use is vulnerable to remote code execution.
When authorization requests are processed using the ‘whitelabel’ views in the affected versions, the value of the ‘response_type’ parameter is evaluated as a Spring Expression Language (SpEL) expression.

CVE-2016-4977 is categorized as a ‘Data Processing Error’ vulnerability (CWE-19).
Weaknesses in this category are typically found in functionality that processes data.
Data processing is the manipulation of input to retrieve or save information.

Attackers could abuse this to trigger remote code execution by crafting the value of the ‘response_type’ parameter.

That could assist attackers in obtaining sensitive information (Information Disclosure).
There’s a chance that this vulnerability will allow attackers to modify system files and information.
It could also lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2016-4977, upgrade the version of Spring Security OAuth being used to 2.0.10 or higher.
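
One way to check a build against this recommendation, as an added example that is not Kayran's or the Spring project's code: it reads a Maven `pom.xml`, resolves a version given through a property, and flags any `spring-security-oauth2` dependency below 2.0.10. It assumes a Maven build; the sample POM and its `oauth.version` property are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Maven coordinates of Spring Security OAuth2, the library named in the advisory.
GROUP_ID = "org.springframework.security.oauth"
ARTIFACT_ID = "spring-security-oauth2"
FIXED = (2, 0, 10)  # the advisory's recommendation: 2.0.10 or higher

# Constructed sample pom.xml; the version is supplied through a Maven property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <oauth.version>2.0.9.RELEASE</oauth.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.security.oauth</groupId>
      <artifactId>spring-security-oauth2</artifactId>
      <version>${oauth.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Turn '2.0.9.RELEASE' into (2, 0, 9); return None if it is not numeric."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def check_pom(pom_xml):
    """Return (version, status) for each declared spring-security-oauth2 dependency."""
    root = ET.fromstring(pom_xml)
    local = lambda el: el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
    props = {local(p): (p.text or "") for el in root.iter()
             if local(el) == "properties" for p in el}
    findings = []
    for dep in (el for el in root.iter() if local(el) == "dependency"):
        fields = {local(c): (c.text or "").strip() for c in dep}
        if (fields.get("groupId"), fields.get("artifactId")) != (GROUP_ID, ARTIFACT_ID):
            continue
        raw = fields.get("version", "")
        ref = re.fullmatch(r"\$\{(.+)\}", raw)  # ${property} indirection
        if ref:
            raw = props.get(ref.group(1), raw)
        ver = parse_version(raw)  # None when the version is managed elsewhere (parent/BOM)
        status = "unknown" if ver is None else ("vulnerable" if ver < FIXED else "ok")
        findings.append((raw, status))
    return findings

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```

A status of `unknown` means the version is not declared in this file and has to be resolved from the parent POM or the built artifact before the dependency can be considered fixed.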

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4977

https://cwe.mitre.org/data/definitions/19.html
