CVE-2011-2731 Vulnerability in maven package org.springframework.security:spring-security-core

Description

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://secunia.com/advisories/55155

http://support.springsource.com/security/cve-2011-2731

http://www.securitytracker.com/id/1029151

Related Vulnerabilities

CVE-2015-5346 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2019-16303 Vulnerability in npm package generator-jhipster-kotlin

CVE-2021-1628 Vulnerability in maven package org.mule.runtime:mule-core

CVE-2021-3424 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui

Severity

Critical

Classification

CWE-362