CVE-2011-2731
CVE-2011-2731 is a vulnerability of currently unknown severity. Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread. EPSS estimates a 1.25% chance of exploitation in the next 30 days.
Description
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| VMware | SpringSource Spring Security | <= 2.0.6 |
| VMware | SpringSource Spring Security | <= 3.0.5 |
| VMware | SpringSource Spring Security | 2.0.0 |
| VMware | SpringSource Spring Security | 2.0.1 |
| VMware | SpringSource Spring Security | 2.0.2 |
| VMware | SpringSource Spring Security | 2.0.3 |
| VMware | SpringSource Spring Security | 2.0.4 |
| VMware | SpringSource Spring Security | 2.0.5 |
| VMware | SpringSource Spring Security | 3.0.0 |
| VMware | SpringSource Spring Security | 3.0.1 |
| VMware | SpringSource Spring Security | 3.0.2 |
| VMware | SpringSource Spring Security | 3.0.3 |
| VMware | SpringSource Spring Security | 3.0.4 |
References
- http://support.springsource.com/security/cve-2011-2731 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
