What is CVE-2016-5007?

CVE-2016-5007 is a high-severity vulnerability in Pivotal Spring Framework, classified under CWE-264. CVSS score: 7.5/10. Published 2017-05-25.

How severe is CVE-2016-5007?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2016-5007 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Pivotal Spring Framework

CVE-2016-5007

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern…

EPSS: 0.002 (36.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Pivotal Spring Framework — versions older unsupported versions are also affected, 4.2.x, 3.2.x
Pivotal Spring Security — versions 4.1.0, 3.2.x, 4.0.x
Pivotal_software Spring_framework — versions 3.2.0, 4.0.0, 4.1.0
Vmware Spring_framework — versions 3.2.1, 3.2.2, 3.2.3
Vmware Spring_security — versions 3.2.0, 3.2.1, 3.2.2

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

security_alert@emc.com (x_refsource_CONFIRM)
security_alert@emc.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security_alert@emc.com (x_refsource_CONFIRM, Vendor Advisory)
security_alert@emc.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2016-5007?: CVE-2016-5007 is a high-severity vulnerability in Pivotal Spring Framework, classified under CWE-264. CVSS score: 7.5/10. Published 2017-05-25.
How severe is CVE-2016-5007?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2016-5007 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.