Showing 1 - 1 of 1

CVE-2011-2731

Status Candidate

Overview

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Related Files

Spring Security RunAsManager Privilege Escalation: Posted Sep 9, 2011; Authored by SpringSource Security Team, Rob Winch; Spring Security provides a mechanism (RunAsManager) to allow particular operations to run with a different set of privileges than the predefined user. The implementation contains a race condition whereby the escalated privileges could also be used in a different invocation in another thread. Versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 are affected.; tags | advisory; advisories | CVE-2011-2731; SHA-256 | 47b96c9de342642c2cd4e172c544b89e012a3797e75972454bb8c77cb5091e42; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2011-2731

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems