CVE-2011-2894

EUVD-2022-3723

04.10.2011, 10:55

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Affected Products (NVD)

Vendor	Product	Version
vmware	spring_framework	3.0.0 ≤ 𝑥 ≤ 3.0.5
vmware	spring_security	2.0.0 ≤ 𝑥 ≤ 2.0.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

libspring-2.5-java

artful	dne
bionic	dne
cosmic	dne
disco	dne
hardy	dne
lucid	ignored
maverick	ignored
natty	ignored
oneiric	ignored
precise	dne
quantal	dne
raring	dne
saucy	dne
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

libspring-java

artful	ignored
bionic	not-affected
cosmic	not-affected
disco	not-affected
hardy	dne
lucid	dne
maverick	dne
natty	dne
oneiric	ignored
precise	ignored
quantal	ignored
raring	ignored
saucy	ignored
trusty	not-affected
utopic	ignored
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	ignored
zesty	ignored

libspring-security-2.0-java

artful	dne
bionic	dne
cosmic	dne
disco	dne
hardy	dne
lucid	dne
maverick	ignored
natty	ignored
oneiric	ignored
precise	ignored
quantal	ignored
raring	ignored
saucy	ignored
trusty	dne
utopic	ignored
vivid	ignored
wily	ignored
xenial	dne
yakkety	dne
zesty	dne

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References

http://osvdb.org/75263

http://securityreason.com/securityalert/8405

http://www.redhat.com/support/errata/RHSA-2011-1334.html

http://www.securityfocus.com/archive/1/519593/100/0/threaded

http://www.securityfocus.com/bid/49536

http://www.springsource.com/security/cve-2011-2894

https://exchange.xforce.ibmcloud.com/vulnerabilities/69687

https://web.archive.org/web/20120307233721/http://www.springsource.com/security/cve-2011-2894