Veracode Vulnerability Database: VERACODE:3178
Security Constraint Bypass
Published: Dec 28, 2016, 06:10 (2016-12-28 06:10:16)
Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Score: 10
EPSS: 0.001 (Low), percentile 46.6%

Spring Security web is vulnerable to a security constraint bypass: it does not consider URL path parameters when processing security constraints. By adding a URL path parameter containing an encoded / to a request, an attacker is able to bypass a security constraint. The root cause is a lack of clarity in the Servlet Specification about how path parameters are handled: some Servlet containers include path parameters in the value returned by getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of mapping requests to security constraints, so the unexpected presence of path parameters can cause a constraint to be bypassed.
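Added example (not Spring Security's own code and not the vendor fix): a small Java guard that canonicalizes the request path before a prefix-based constraint is evaluated, rejecting encoded slashes outright and stripping ;name=value path parameters so the matcher sees the same path regardless of what the container's getPathInfo() returns. The class name, the /admin prefix and the sample URIs are constructed for the demonstration.

```java
import java.util.Arrays;
import java.util.List;

/** Added example, not Spring Security code: canonicalize the path before a
 *  prefix constraint is checked, so path parameters and encoded slashes
 *  cannot change which constraint applies. */
public final class ConstraintPathGuard {

    /** Encoded forms that must never reach the matcher: "/", "\", "%", NUL. */
    private static final List<String> FORBIDDEN = Arrays.asList("%2f", "%5c", "%25", "%00");

    /** True if the raw (still-encoded) request URI should be rejected outright. */
    static boolean mustReject(String rawUri) {
        String lower = rawUri.toLowerCase();
        return FORBIDDEN.stream().anyMatch(lower::contains);
    }

    /** Remove ";name=value" path parameters from every segment: "/a;x=1/b;y=2" -> "/a/b". */
    static String stripPathParameters(String path) {
        String[] segments = path.split("/", -1);
        for (int i = 0; i < segments.length; i++) {
            int semi = segments[i].indexOf(';');
            if (semi >= 0) segments[i] = segments[i].substring(0, semi);
        }
        return String.join("/", segments);
    }

    /** Decide whether the constraint for protectedPrefix applies to this request. */
    static boolean constraintApplies(String rawUri, String protectedPrefix) {
        if (mustReject(rawUri)) {
            throw new IllegalArgumentException("rejected: encoded slash/backslash/percent in " + rawUri);
        }
        String canonical = stripPathParameters(rawUri);
        return canonical.equals(protectedPrefix) || canonical.startsWith(protectedPrefix + "/");
    }

    public static void main(String[] args) {
        String prefix = "/admin";
        // Constructed sample requests, not taken from the advisory.
        String[] samples = {
            "/admin/report",                // plain path: constraint applies
            "/admin;jsessionid=abc/report", // path parameter: still /admin/report after stripping
            "/public/report",               // outside the protected prefix
            "/admin;x=%2f/report"           // encoded slash inside a path parameter: rejected
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> constraint applies: " + constraintApplies(s, prefix));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> " + e.getMessage());
            }
        }
    }
}
```

A naive matcher comparing the raw URI against "/admin/" would not match the second sample because "/admin;" differs from "/admin/", which is exactly the container-dependent behaviour the advisory describes; stripping first removes that dependency.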