Vulnerability in N/a
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occu…
EPSS: 0.604 (98.3th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
- artem-smotrakov/cve-2016-1000027-poc
- tina94happy/Spring-Web-5xx-Mitigated-version
- Ragatzino/test-cve-2016-1000027
- yihtserns/spring-web-without-remoting
- ARPSyndicate/cvemon
- Challengers-win/Sec-Interview-ai
- IkerSaint/VULNAPP-vulnerable-app
- Live-Hack-CVE/CVE-2016-1000
- Live-Hack-CVE/CVE-2016-1000027
- NicheToolkit/rest-toolkit
References
- www.tenable.com/security/research/tra-2016-20
- raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx…
- security-tracker.debian.org/tracker/CVE-2016-1000027
- bugzilla.redhat.com/show_bug.cgi
- github.com/spring-projects/spring-framework/issues/24434
- github.com/spring-projects/spring-framework/issues/24434
- spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now
- github.com/spring-projects/spring-framework/issues/24434
- security.netapp.com/advisory/ntap-20230420-0009/
Frequently asked questions
- What is CVE-2016-1000027?
- CVE-2016-1000027 is a vulnerability in N/a. Published 2020-01-02.
- Is CVE-2016-1000027 known to be exploited?
- 33 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.