Race Condition Vulnerability in VMware SpringSource Spring Security
CVE-2011-2731

Currently unrated

Key Information:

Vendor: Vmware
Status: Springsource Spring Security
Vendor: CVE Published:; 5 December 2012

Summary

A race condition is present in the RunAsManager mechanism of VMware SpringSource Spring Security in versions prior to 2.0.7 and 3.0.x before 3.0.6. This flaw permits an attacker to manipulate the shared security context, potentially allowing unauthorized privilege escalation through specially crafted threads. This vulnerability underscores the need for rigorous security practices in concurrent programming environments to prevent unintended access and control.

References

http://support.springsource.com/security/cve-2011-2731

x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

x_refsource_MISC

http://secunia.com/advisories/55155

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Dec 5, 2012
Vulnerability Reserved
Jul 11, 2011