Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2016-9879
HistoryJan 03, 2017 - 3:18 p.m.

CVE-2016-9879

2017-01-0315:18:10
redhat.com
access.redhat.com
15

EPSS

0.001

Percentile

46.6%

JSON

It was found that Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded / to a request an attacker may be able to bypass a security constraint.

Mitigation

Use a Servlet container known not to include path parameters in the return values for getServletPath() and getPathInfo()

Related

prion 1
fedora 1
osv 2
openvas 1
nvd 1
nessus 1
github 1
cve 1
veracode 1
cvelist 1
redhat 1
prion
prion
Design/Logic Flaw
2017-01-06 22:59:00
fedora
fedora
[SECURITY] Fedora 25 Update: springframework-security-3.2.10-1.fc25
2017-01-12 05:26:38
osv
osv
CVE-2016-9879
2017-01-06 22:59:00
Security Constraint Bypass in Spring Security
2020-09-15 20:30:34
openvas
openvas
Fedora Update for springframework-security FEDORA-2017-16a7aa8e4f
2017-01-13 00:00:00
nvd
nvd
CVE-2016-9879
2017-01-06 22:59:00
nessus
nessus
Fedora 25 : springframework-security (2017-16a7aa8e4f)
2017-01-13 00:00:00
github
github
Security Constraint Bypass in Spring Security
2020-09-15 20:30:34
cve
cve
CVE-2016-9879
2017-01-06 22:59:00
veracode
veracode
Security Constraint Bypass
2016-12-28 06:10:16
cvelist
cvelist
CVE-2016-9879
2017-01-06 22:00:00
redhat
redhat
(RHSA-2017:1832) Important: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
2017-08-10 22:51:20

EPSS

0.001

Percentile

46.6%

JSON
Related for RH:CVE-2016-9879
prion1fedora1osv2openvas1nvd1nessus1github1cve1veracode1cvelist1redhat1