CVE-2016-5007

Spring Security 3.2.x, 4.0.x, and 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, and 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers, respectively. Differences in the strictness of the pattern matching mechanisms, for example with regard to space trimming in path segments, can lead Spring Security to treat certain paths as not protected when they are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer pattern matching features, and by the fact that pattern matching in both Spring Security and the Spring Framework can easily be customized, creating additional differences.

Configurations

Configuration 1

OR
cpe:2.3:a:pivotal_software:spring_framework:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_framework:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.14:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.15:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.16:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.17:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:3.2.18:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.1.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_security:4.1.0:*:*:*:*:*:*:*

History

11 Apr 2022, 17:18

Type: CPE

08 Jun 2021, 18:22

Type: CPE

Information

Published : 2017-05-25 17:29

Updated : 2024-02-04 19:29


NVD link : CVE-2016-5007

Mitre link : CVE-2016-5007

CVE.ORG link : CVE-2016-5007



Products Affected

vmware

  • spring_security
  • spring_framework

pivotal_software

  • spring_framework

CWE

CWE-264: Permissions, Privileges, and Access Controls