Vulnerability Name: CVE-2011-2894 (CCN-69687)
Assigned: 2011-09-09
Published: 2011-09-09
Updated: 2022-07-17
Summary: Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions, deserialize objects received over their serialization-based remoting endpoints from untrusted sources (CWE-502). A remote attacker can bypass intended security restrictions and execute untrusted code by (1) sending a serialized java.lang.Proxy instance whose InvocationHandler is attacker-supplied, or (2) reaching internal AOP interfaces, as demonstrated by deserializing a DefaultListableBeanFactory instance that runs arbitrary commands through java.lang.Runtime. The root cause is that the endpoint accepts arbitrary classes from the stream; the fix is to restrict which classes a remoting endpoint will deserialize, and to upgrade to the versions named in the vendor advisory referenced below.
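The following is an added example, not Spring's or SpringSource's own code: a minimal Java ObjectInputStream subclass that applies an explicit class allow-list and refuses dynamic proxies outright, which closes both payload shapes named in the summary (a serialized java.lang.reflect.Proxy with an InvocationHandler, and internal framework classes such as DefaultListableBeanFactory that a remoting endpoint has no reason to accept). The class name, the allow-list contents and the sample payloads are assumptions constructed for the demonstration; it needs Java 9 or later for Set.of.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.util.HashMap;
import java.util.Set;

/**
 * Added example (hypothetical class, not Spring code): an ObjectInputStream that only
 * resolves classes on an explicit allow-list and never resolves dynamic proxies.
 */
public class AllowListObjectInputStream extends ObjectInputStream {

    private final Set<String> allowedClasses;

    public AllowListObjectInputStream(InputStream in, Set<String> allowedClasses) throws IOException {
        super(in);
        this.allowedClasses = allowedClasses;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        if (!allowedClasses.contains(name)) {
            // Reject before the class is loaded, so no static initialiser or readObject ever runs.
            throw new InvalidClassException(name, "not on the deserialization allow-list");
        }
        return super.resolveClass(desc);
    }

    @Override
    protected Class<?> resolveProxyClass(String[] interfaces) throws IOException {
        // Vector (1) in the summary: the stream announces a Proxy class whose
        // InvocationHandler would be deserialized next and is attacker-controlled.
        throw new InvalidClassException("java.lang.reflect.Proxy",
                "dynamic proxies are never accepted from untrusted streams");
    }

    /** Serialize an object to bytes; stands in for the wire payload of a remoting call. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Deserialize with the allow-list applied; throws InvalidClassException on rejection. */
    static Object readGuarded(byte[] payload, Set<String> allowed) throws IOException, ClassNotFoundException {
        try (AllowListObjectInputStream in =
                     new AllowListObjectInputStream(new ByteArrayInputStream(payload), allowed)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples, not captured traffic. Only the argument types of a
        // hypothetical remote service are allowed (Number is Integer's serializable superclass).
        Set<String> allowed = Set.of("java.lang.Integer", "java.lang.Number");

        System.out.println("accepted: " + readGuarded(serialize(Integer.valueOf(42)), allowed));

        // A Proxy with a serializable handler: the shape of vector (1).
        InvocationHandler handler = (InvocationHandler & Serializable) (p, m, a) -> null;
        Object proxy = Proxy.newProxyInstance(AllowListObjectInputStream.class.getClassLoader(),
                new Class<?>[]{Runnable.class}, handler);
        try {
            readGuarded(serialize(proxy), allowed);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Any class outside the allow-list is rejected the same way; a HashMap stands in
        // here for an internal framework object such as DefaultListableBeanFactory.
        try {
            readGuarded(serialize(new HashMap<String, String>()), allowed);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allow-list has to name every class in the object graph, superclasses included, which is why java.lang.Number appears next to java.lang.Integer. On Java 9 and later the same policy can be expressed with java.io.ObjectInputFilter (JEP 290) instead of a subclass, but the principle is the same: a remoting endpoint should enumerate the few types it expects rather than accept whatever the stream names.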
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-502 (Deserialization of Untrusted Data)
Vulnerability Consequences: Bypass Security
References:
  MITRE (CNA): CVE-2011-2894
  OSVDB (Broken Link): 75263
  CCN: SA45942 Spring Framework Multiple Vulnerabilities
  SREASON (Third Party Advisory): 8405
  CCN: OSVDB ID 75263 Spring Framework Multiple Unspecified Object Deserialization Arbitrary Command Execution
  REDHAT (Third Party Advisory): RHSA-2011:1334
  BUGTRAQ (Third Party Advisory, VDB Entry): 20110909 CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities
  BID (Third Party Advisory, VDB Entry): 49536
  CCN: BID-49536 Spring Framework and Spring Security Remote Security Bypass Vulnerability
  CCN: SpringSource Security Advisory, Spring Framework and Spring Security serialization-based remoting vulnerabilities
  CONFIRM (Vendor Advisory): http://www.springsource.com/security/cve-2011-2894
  XF (Third Party Advisory, VDB Entry): spring-framework-object-sec-bypass(69687)
  MISC: https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894
Vulnerable Configuration:
  Configuration 1:
  Configuration CCN 1: