HTTP: Pivotal Spring Security OAuth SpelView Code Execution

This signature detects attempts to exploit a known vulnerability against Spring Security OAuth. A successful attack can lead to arbitrary code execution.

Extended Description

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the value of the response_type parameter was evaluated as a Spring SpEL expression, which allowed a malicious user to trigger remote code execution by crafting the value of response_type.

Affected Products

Pivotal spring_security_oauth

References

BugTraq: 91672

CVE: CVE-2016-4977

Short Name
HTTP:CTS:SPRING-OAUTH-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2016-4977 Code Execution OAuth Pivotal Security SpelView Spring bid:91672
Release Date
12/07/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Pivotal

CVSS Score

6.5
