9.8

CVE-2016-1000027

Exploit
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareSpring Framework Version < 6.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 32.26% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027
Third Party Advisory
Issue Tracking
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626
Third Party Advisory
Issue Tracking
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417
Third Party Advisory
Issue Tracking
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525
Third Party Advisory
Issue Tracking
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json
Third Party Advisory
Exploit
Broken Link
https://security-tracker.debian.org/tracker/CVE-2016-1000027
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230420-0009/
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
Third Party Advisory
Release Notes
https://www.tenable.com/security/research/tra-2016-20
Third Party Advisory
Exploit