VIR Vulnerability Intelligence Relay

CVE-2016-5007

high
Published 2017-05-25 · Modified 2024-12-02
CVSS v3
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v2
5.0
VIR risk
7.5

Description

Spring Security and Spring Framework may not recognize certain paths that should be protected

Predictions

Exploit likelihood
83%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-5007

vendor Authored 2026-05-27

Vendor advisory: security_alert@emc.com — https://pivotal.io/security/cve-2016-5007

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed4.3.2-1
debian debianbullseyefixed4.3.2-1
debian debianforkyfixed4.3.2-1
debian debiansidfixed4.3.2-1
debian debiantrixiefixed4.3.2-1

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.springframework:spring-core<4.3.14.3.1
java Mavenorg.springframework.security:spring-security-core<4.1.14.1.1

Application impact
VendorProductVersionsFixed
pivotal_softwarespring_framework3.2.0
pivotal_softwarespring_framework4.0.0
pivotal_softwarespring_framework4.1.0
pivotal_softwarespring_framework4.2.0
vmware vmwarespring_framework3.2.1
vmware vmwarespring_framework3.2.2
vmware vmwarespring_framework3.2.3
vmware vmwarespring_framework3.2.4
vmware vmwarespring_framework3.2.5
vmware vmwarespring_framework3.2.6
vmware vmwarespring_framework3.2.7
vmware vmwarespring_framework3.2.8
vmware vmwarespring_framework3.2.9
vmware vmwarespring_framework3.2.10
vmware vmwarespring_framework3.2.11
vmware vmwarespring_framework3.2.12
vmware vmwarespring_framework3.2.13
vmware vmwarespring_framework3.2.14
vmware vmwarespring_framework3.2.15
vmware vmwarespring_framework3.2.16
vmware vmwarespring_framework3.2.17
vmware vmwarespring_framework3.2.18
vmware vmwarespring_framework4.0.1
vmware vmwarespring_framework4.0.2
vmware vmwarespring_framework4.0.3
vmware vmwarespring_framework4.0.4
vmware vmwarespring_framework4.0.5
vmware vmwarespring_framework4.0.6
vmware vmwarespring_framework4.0.7
vmware vmwarespring_framework4.0.8
vmware vmwarespring_framework4.0.9
vmware vmwarespring_framework4.1.1
vmware vmwarespring_framework4.1.2
vmware vmwarespring_framework4.1.3
vmware vmwarespring_framework4.1.4
vmware vmwarespring_framework4.1.5
vmware vmwarespring_framework4.1.6
vmware vmwarespring_framework4.1.7
vmware vmwarespring_framework4.1.8
vmware vmwarespring_framework4.1.9
vmware vmwarespring_framework4.2.1
vmware vmwarespring_framework4.2.2
vmware vmwarespring_framework4.2.3
vmware vmwarespring_framework4.2.4
vmware vmwarespring_framework4.2.5
vmware vmwarespring_framework4.2.6
vmware vmwarespring_framework4.2.7
vmware vmwarespring_framework4.2.8
vmware vmwarespring_framework4.2.9
vmware vmwarespring_security3.2.0
vmware vmwarespring_security3.2.1
vmware vmwarespring_security3.2.2
vmware vmwarespring_security3.2.3
vmware vmwarespring_security3.2.4
vmware vmwarespring_security3.2.5
vmware vmwarespring_security3.2.6
vmware vmwarespring_security3.2.7
vmware vmwarespring_security3.2.8
vmware vmwarespring_security3.2.9
vmware vmwarespring_security3.2.10
vmware vmwarespring_security4.0.0
vmware vmwarespring_security4.0.1
vmware vmwarespring_security4.0.2
vmware vmwarespring_security4.0.3
vmware vmwarespring_security4.0.4
vmware vmwarespring_security4.1.0

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.