Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2011-2731
Last Modified 23 Oct 2013 11:32:16
Published 05 Dec 2012 12:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-2731

Summary

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Vulnerable Systems

Application

  • VMware SpringSource Spring Security 2.0.0

  • VMware SpringSource Spring Security 2.0.1

  • VMware SpringSource Spring Security 2.0.2

  • VMware SpringSource Spring Security 2.0.3

  • VMware SpringSource Spring Security 2.0.4

  • VMware SpringSource Spring Security 2.0.5

  • VMware SpringSource Spring Security 2.0.6

  • VMware SpringSource Spring Security 3.0.0

  • VMware SpringSource Spring Security 3.0.1

  • VMware SpringSource Spring Security 3.0.2

  • VMware SpringSource Spring Security 3.0.3

  • VMware SpringSource Spring Security 3.0.4

  • VMware SpringSource Spring Security 3.0.5


References

CONFIRM - http://support.springsource.com/security/cve-2011-2731

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

SECTRACK - 1029151

SECUNIA - 55155


Last Updated: 27 May 2016 11:01:27