cvelistv5 - cve-2011-2894

CVE-2011-2894 (GCVE-0-2011-2894)

Vulnerability from cvelistv5

Published

2011-10-04 10:00

Modified

2024-08-06 23:15

Severity ?

CWE

Summary

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

References

►

URL

Tags

secalert@redhat.com	http://osvdb.org/75263	Broken Link
secalert@redhat.com	http://securityreason.com/securityalert/8405	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-1334.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/519593/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/49536	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.springsource.com/security/cve-2011-2894	Vendor Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/69687	Third Party Advisory, VDB Entry
secalert@redhat.com	https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/75263	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8405	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-1334.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/519593/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49536	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.springsource.com/security/cve-2011-2894	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/69687	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:31.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.springsource.com/security/cve-2011-2894"
          },
          {
            "name": "49536",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49536"
          },
          {
            "name": "20110909 CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
          },
          {
            "name": "RHSA-2011:1334",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
          },
          {
            "name": "spring-framework-object-sec-bypass(69687)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
          },
          {
            "name": "8405",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8405"
          },
          {
            "name": "75263",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75263"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-17T19:35:42",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.springsource.com/security/cve-2011-2894"
        },
        {
          "name": "49536",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49536"
        },
        {
          "name": "20110909 CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
        },
        {
          "name": "RHSA-2011:1334",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
        },
        {
          "name": "spring-framework-object-sec-bypass(69687)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
        },
        {
          "name": "8405",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8405"
        },
        {
          "name": "75263",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75263"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2894",
    "datePublished": "2011-10-04T10:00:00",
    "dateReserved": "2011-07-27T00:00:00",
    "dateUpdated": "2024-08-06T23:15:31.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2894\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-10-04T10:55:09.363\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.\"},{\"lang\":\"es\",\"value\":\"Spring Framework v3.0.0 hasta la v3.0.5, v3.0.0 hasta la de Spring Security v3.0.5 y v2.0.0 y v2.0.6, y posiblemente otras versiones permite des-serializar objetos de fuentes no fiables, lo que permite a atacantes remotos eludir las restricciones de seguridad existentes y permite la ejecuci\u00f3n de c\u00f3digo no seguro (1) serializando una instancia de java.lang.Proxy y mediante el uso de InvocationHandler, o (2) accediendo a las interfaces internas AOP, como se demuestra con la des-serializaci\u00f3n de una instancia de DefaultListableBeanFactory para ejecutar c\u00f3digo arbitrario a trav\u00e9s de la clase java.lang.Runtime.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.0.5\",\"matchCriteriaId\":\"5B2D5E33-C0EB-4E13-8444-3BA67A486B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.0.6\",\"matchCriteriaId\":\"E70D7978-F4CA-4D4E-BC3A-48DD0ADECA05\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/75263\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/8405\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1334.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/519593/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/49536\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.springsource.com/security/cve-2011-2894\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/69687\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/75263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/8405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1334.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/519593/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/49536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.springsource.com/security/cve-2011-2894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/69687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2011-2894

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-2894

Aliases

CVE-2011-2894

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2894",
    "description": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
    "id": "GSD-2011-2894",
    "references": [
      "https://access.redhat.com/errata/RHSA-2011:1334"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2894"
      ],
      "details": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
      "id": "GSD-2011-2894",
      "modified": "2023-12-13T01:19:07.080173Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-2894",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://osvdb.org/75263",
            "refsource": "MISC",
            "url": "http://osvdb.org/75263"
          },
          {
            "name": "http://securityreason.com/securityalert/8405",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/8405"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2011-1334.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/519593/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/49536",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/49536"
          },
          {
            "name": "http://www.springsource.com/security/cve-2011-2894",
            "refsource": "MISC",
            "url": "http://www.springsource.com/security/cve-2011-2894"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
          },
          {
            "name": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894",
            "refsource": "MISC",
            "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.0.0,2.0.7),[3.0.0,3.0.6)",
          "affected_versions": "All versions starting from 2.0.0 before 2.0.7, all versions starting from 3.0.0 before 3.0.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-07-20",
          "description": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
          "fixed_versions": [
            "2.0.7",
            "3.0.6"
          ],
          "identifier": "CVE-2011-2894",
          "identifiers": [
            "GHSA-f866-m9mv-2xr3",
            "CVE-2011-2894"
          ],
          "not_impacted": "All versions before 2.0.0, all versions starting from 2.0.7 before 3.0.0, all versions starting from 3.0.6",
          "package_slug": "maven/org.springframework.security/spring-security-core",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to versions 2.0.7, 3.0.6 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-2894",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687",
            "http://securityreason.com/securityalert/8405",
            "http://www.redhat.com/support/errata/RHSA-2011-1334.html",
            "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894",
            "http://osvdb.org/75263",
            "http://www.securityfocus.com/archive/1/519593/100/0/threaded",
            "http://www.securityfocus.com/bid/49536",
            "http://www.springsource.com/security/cve-2011-2894",
            "https://github.com/advisories/GHSA-f866-m9mv-2xr3"
          ],
          "uuid": "c4589e88-0ecb-4ff2-b605-cbb1301713af"
        },
        {
          "affected_range": "[3.0.0,3.0.6)",
          "affected_versions": "All versions starting from 3.0.0 before 3.0.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-07-20",
          "description": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
          "fixed_versions": [
            "3.0.6"
          ],
          "identifier": "CVE-2011-2894",
          "identifiers": [
            "GHSA-f866-m9mv-2xr3",
            "CVE-2011-2894"
          ],
          "not_impacted": "All versions before 3.0.0, all versions starting from 3.0.6",
          "package_slug": "maven/org.springframework/spring-core",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to version 3.0.6 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-2894",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687",
            "http://securityreason.com/securityalert/8405",
            "http://www.redhat.com/support/errata/RHSA-2011-1334.html",
            "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894",
            "http://osvdb.org/75263",
            "http://www.securityfocus.com/archive/1/519593/100/0/threaded",
            "http://www.securityfocus.com/bid/49536",
            "http://www.springsource.com/security/cve-2011-2894",
            "https://github.com/advisories/GHSA-f866-m9mv-2xr3"
          ],
          "uuid": "2d68ce32-8884-4fa5-82bf-48008eb2f3d5"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.6",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.5",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2894"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "49536",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/49536"
            },
            {
              "name": "http://www.springsource.com/security/cve-2011-2894",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.springsource.com/security/cve-2011-2894"
            },
            {
              "name": "75263",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/75263"
            },
            {
              "name": "RHSA-2011:1334",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
            },
            {
              "name": "8405",
              "refsource": "SREASON",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://securityreason.com/securityalert/8405"
            },
            {
              "name": "spring-framework-object-sec-bypass(69687)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
            },
            {
              "name": "20110909 CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
            },
            {
              "name": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894",
              "refsource": "MISC",
              "tags": [],
              "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2022-07-17T20:15Z",
      "publishedDate": "2011-10-04T10:55Z"
    }
  }
}

rhsa-2011:1334

Vulnerability from csaf_redhat

Published

2011-09-22 16:54

Modified

2024-11-22 04:40

Summary

Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update

Notes

Topic

Updated Spring Framework 3 files for JBoss Enterprise SOA Platform 5.1.0 that fix multiple security issues are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and CEP) integration methodologies to dramatically improve business process execution speed and quality. Multiple flaws were found in the way Spring Framework 3 deserialized certain Java objects. If an attacker were able to control the stream from which an application with the Spring Framework 3 AOP in its class-path was deserializing objects, they could use these flaws to execute arbitrary code with the privileges of the JBoss Application Server process via a specially-crafted, serialized Java object. (CVE-2011-2894) Note: JBoss Enterprise SOA Platform does not expose applications that deserialize objects from an untrusted source by default. These flaws would affect applications configured to trust a malicious source, for example, if the messaging service was configured to look up a remote messaging queue, and an attacker had control of that queue. All users of JBoss Enterprise SOA Platform 5.1.0 as provided from the Red Hat Customer Portal are advised to install this update. Refer to the Solution section for information about installing the update.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Spring Framework 3 files for JBoss Enterprise SOA Platform 5.1.0\nthat fix multiple security issues are now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure. JBoss Enterprise SOA Platform allows IT\nto leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future\n(EDA and CEP) integration methodologies to dramatically improve business\nprocess execution speed and quality.\n\nMultiple flaws were found in the way Spring Framework 3 deserialized\ncertain Java objects. If an attacker were able to control the stream from\nwhich an application with the Spring Framework 3 AOP in its class-path was\ndeserializing objects, they could use these flaws to execute arbitrary code\nwith the privileges of the JBoss Application Server process via a\nspecially-crafted, serialized Java object. (CVE-2011-2894)\n\nNote: JBoss Enterprise SOA Platform does not expose applications that\ndeserialize objects from an untrusted source by default. These flaws would\naffect applications configured to trust a malicious source, for example,\nif the messaging service was configured to look up a remote messaging\nqueue, and an attacker had control of that queue.\n\nAll users of JBoss Enterprise SOA Platform 5.1.0 as provided from the Red\nHat Customer Portal are advised to install this update. Refer to the\nSolution section for information about installing the update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2011:1334",
        "url": "https://access.redhat.com/errata/RHSA-2011:1334"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.1.0+GA",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.1.0+GA"
      },
      {
        "category": "external",
        "summary": "737611",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737611"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1334.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update",
    "tracking": {
      "current_release_date": "2024-11-22T04:40:53+00:00",
      "generator": {
        "date": "2024-11-22T04:40:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2011:1334",
      "initial_release_date": "2011-09-22T16:54:00+00:00",
      "revision_history": [
        {
          "date": "2011-09-22T16:54:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2011-09-22T13:04:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T04:40:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss SOA Platform 5.1",
                "product": {
                  "name": "Red Hat JBoss SOA Platform 5.1",
                  "product_id": "Red Hat JBoss SOA Platform 5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_soa_platform:5.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Middleware"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-2894",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2011-09-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "737611"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss SOA Platform 5.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2011-2894"
        },
        {
          "category": "external",
          "summary": "RHBZ#737611",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737611"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2011-2894",
          "url": "https://www.cve.org/CVERecord?id=CVE-2011-2894"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894"
        }
      ],
      "release_date": "2011-09-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2011-09-22T16:54:00+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nIf you have created custom applications that are packaged with a copy of\nthe Spring Framework 3 library, those applications must be rebuilt with the\nSpring Framework 3 files provided by this update.\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss SOA Platform 5.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2011:1334"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss SOA Platform 5.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Security: Chosen commands execution on the server (Framework) or authentication token bypass (Security) by objects de-serialization"
    }
  ]
}

fkie_cve-2011-2894

Vulnerability from fkie_nvd

Published

2011-10-04 10:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://osvdb.org/75263	Broken Link
secalert@redhat.com	http://securityreason.com/securityalert/8405	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2011-1334.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/519593/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/49536	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.springsource.com/security/cve-2011-2894	Vendor Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/69687	Third Party Advisory, VDB Entry
secalert@redhat.com	https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/75263	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8405	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2011-1334.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/519593/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/49536	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.springsource.com/security/cve-2011-2894	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/69687	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894

Impacted products

	Vendor	Product	Version
	vmware	spring_framework	*
	vmware	spring_security	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B2D5E33-C0EB-4E13-8444-3BA67A486B2F",
              "versionEndIncluding": "3.0.5",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70D7978-F4CA-4D4E-BC3A-48DD0ADECA05",
              "versionEndIncluding": "2.0.6",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class."
    },
    {
      "lang": "es",
      "value": "Spring Framework v3.0.0 hasta la v3.0.5, v3.0.0 hasta la de Spring Security v3.0.5 y v2.0.0 y v2.0.6, y posiblemente otras versiones permite des-serializar objetos de fuentes no fiables, lo que permite a atacantes remotos eludir las restricciones de seguridad existentes y permite la ejecuci\u00f3n de c\u00f3digo no seguro (1) serializando una instancia de java.lang.Proxy y mediante el uso de InvocationHandler, o (2) accediendo a las interfaces internas AOP, como se demuestra con la des-serializaci\u00f3n de una instancia de DefaultListableBeanFactory para ejecutar c\u00f3digo arbitrario a trav\u00e9s de la clase java.lang.Runtime."
    }
  ],
  "id": "CVE-2011-2894",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-10-04T10:55:09.363",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/75263"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8405"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/49536"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/75263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/8405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/49536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-f866-m9mv-2xr3

Vulnerability from github

Published

2022-05-14 02:54

Modified

2024-03-14 21:21

Summary

Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-2894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T17:57:50Z",
    "nvd_published_at": "2011-10-04T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.",
  "id": "GHSA-f866-m9mv-2xr3",
  "modified": "2024-03-14T21:21:36Z",
  "published": "2022-05-14T02:54:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2894"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/070a723ef2c886770a063eb9a67f84f74e06edfb"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69687"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-framework"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/75263"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8405"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1334.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/519593/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/49536"
    },
    {
      "type": "WEB",
      "url": "http://www.springsource.com/security/cve-2011-2894"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-2894 (GCVE-0-2011-2894)

Vulnerability from cvelistv5

gsd-2011-2894

Vulnerability from gsd

rhsa-2011:1334

Vulnerability from csaf_redhat

fkie_cve-2011-2894

Vulnerability from fkie_nvd

ghsa-f866-m9mv-2xr3

Vulnerability from github

Tags

Sightings

Nomenclature