CVE-2016-9879

high

Published 2017-01-06 · Modified 2024-11-29

CVSS v3

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2

5.0

VIR risk

7.5

Description

Security Constraint Bypass in Spring Security

Exploit likelihood

83%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: security_alert@emc.com — https://pivotal.io/security/cve-2016-9879

Ecosystem	Package	Vulnerable	Fixed
Maven	org.springframework.security:spring-security-core	`<3.2.10.RELEASE`	`3.2.10.RELEASE`
Maven	org.springframework.security:spring-security-core	`>=4.0.0.RELEASE,<4.1.4.RELEASE`	`4.1.4.RELEASE`
Maven	org.springframework.security:spring-security-core	`>=4.2.0.RELEASE,<4.2.1.RELEASE`	`4.2.1.RELEASE`

Vendor	Product	Versions
vmware	spring_security	`3.2.0`
vmware	spring_security	`3.2.1`
vmware	spring_security	`3.2.2`
vmware	spring_security	`3.2.3`
vmware	spring_security	`3.2.4`
vmware	spring_security	`3.2.5`
vmware	spring_security	`3.2.6`
vmware	spring_security	`3.2.7`
vmware	spring_security	`3.2.8`
vmware	spring_security	`3.2.9`
vmware	spring_security	`4.1.0`
vmware	spring_security	`4.1.1`
vmware	spring_security	`4.1.2`
vmware	spring_security	`4.1.3`
vmware	spring_security	`4.2.0`
ibm	websphere_application_server	`8.5.0.0`
ibm	websphere_application_server	`8.5.0.1`
ibm	websphere_application_server	`8.5.0.2`
ibm	websphere_application_server	`8.5.5.0`
ibm	websphere_application_server	`8.5.5.1`
ibm	websphere_application_server	`8.5.5.2`
ibm	websphere_application_server	`8.5.5.3`
ibm	websphere_application_server	`8.5.5.4`
ibm	websphere_application_server	`8.5.5.5`
ibm	websphere_application_server	`8.5.5.6`
ibm	websphere_application_server	`8.5.5.7`
ibm	websphere_application_server	`8.5.5.8`
ibm	websphere_application_server	`8.5.5.9`

CWE-417

Verify integrity in audit chain (admin only). AS-IS.