Race Condition Vulnerability in VMware SpringSource Spring Security
CVE-2011-2731

Currently unrated

Key Information:

Vendor
Vmware
Vendor
CVE Published:
5 December 2012

Summary

A race condition is present in the RunAsManager mechanism of VMware SpringSource Spring Security in versions prior to 2.0.7 and 3.0.x before 3.0.6. This flaw permits an attacker to manipulate the shared security context, potentially allowing unauthorized privilege escalation through specially crafted threads. This vulnerability underscores the need for rigorous security practices in concurrent programming environments to prevent unintended access and control.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.