CVE-2011-2731

Currently unrated

Key Information:

Vendor: Vmware
Status: Springsource Spring Security
Vendor: CVE Published:; 5 December 2012

Summary

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

References

http://support.springsource.com/security/cve-2011-2731

x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

x_refsource_MISC

http://secunia.com/advisories/55155

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Dec 5, 2012
Vulnerability Reserved
Jul 11, 2011