CVE-2014-3527
- EPSS 0.36%
- Published 25.05.2017 17:29:00
- Last modified 20.04.2025 01:37:25
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authent...
CVE-2014-0097
- EPSS 0.31%
- Published 25.05.2017 17:29:00
- Last modified 20.04.2025 01:37:25
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
CVE-2016-9879
- EPSS 0.32%
- Published 06.01.2017 22:59:00
- Last modified 20.04.2025 01:37:25
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "...
CVE-2011-2894
- EPSS 15.08%
- Published 04.10.2011 10:55:09
- Last modified 11.04.2025 00:51:21
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and exec...