Path Parameter Bypass Vulnerability in Pivotal Spring Security
CVE-2016-9879

7.5 HIGH

Key Information:

Summary

A vulnerability exists in Pivotal Spring Security where URL path parameters are not considered when enforcing security constraints. An attacker who adds a path parameter containing an encoded '/' to a request may therefore be able to bypass a security constraint. The root cause is inconsistent handling of path parameters across Servlet containers, in particular whether a container includes them in the value returned by getPathInfo(). Users of Apache Tomcat are not affected, because Tomcat follows the established guidance and strips path parameters from that value; users of IBM WebSphere Application Server 8.5.x are affected, and users of other containers that have not been verified may be at risk.
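As an added illustration of the mitigation (this is constructed example code, not the advisory's text nor Spring Security's own implementation): a Python request-path canonicalizer that refuses ambiguous encodings and strips path parameters itself before a prefix-based constraint check, compared with a naive check run directly on an unstripped getPathInfo()-style value. The names normalize, is_protected, naive_is_protected and the /admin/ prefix are hypothetical.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Constructed example, not Spring Security's own code: canonicalize a request
# path before matching it against a security constraint, instead of trusting
# that the container stripped path parameters from getPathInfo().

ENCODED_SLASH = re.compile(r"%2f", re.IGNORECASE)
ENCODED_SEMICOLON = re.compile(r"%3b", re.IGNORECASE)
PROTECTED_PREFIX = "/admin/"  # hypothetical protected area


def strip_path_parameters(path: str) -> str:
    """Drop ';name=value' path parameters from every segment, as a container
    that follows the Servlet Expert Group guidance does for getPathInfo()."""
    return "/".join(segment.split(";", 1)[0] for segment in path.split("/"))


def normalize(raw_uri: str, allow_path_parameters: bool = False) -> Optional[str]:
    """Return the canonical path to match constraints against, or None when
    the request is ambiguous and must be rejected (fail closed)."""
    path = raw_uri.split("?", 1)[0]
    # An encoded '/' or ';' is interpreted differently by different containers,
    # so refuse it in every mode rather than guess.
    if ENCODED_SLASH.search(path) or ENCODED_SEMICOLON.search(path):
        return None
    if ";" in path:
        if not allow_path_parameters:
            return None
        path = strip_path_parameters(path)  # strip on the raw form first
    return unquote(path)  # decode only after the ambiguity checks


def is_protected(raw_uri: str, allow_path_parameters: bool = False) -> bool:
    """Hypothetical constraint check: rejected requests count as protected."""
    canonical = normalize(raw_uri, allow_path_parameters)
    return canonical is None or canonical.startswith(PROTECTED_PREFIX)


def naive_is_protected(path_info: str) -> bool:
    """The fragile pattern: a prefix match on whatever the container returned
    from getPathInfo(); a leftover path parameter defeats the prefix check."""
    return path_info.startswith(PROTECTED_PREFIX)
```

The contrast to observe is that a container value such as "/admin;v=1/users" fails the naive prefix check but is still treated as protected once canonicalized.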

Affected Version(s)

Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
