Pivotal Spring Security
3 CVEs affecting Pivotal Spring Security. Latest disclosed: 2017-05-25. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2014-3527 | Critical | 9.8 | 2017-05-25 | When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a… |
CVE-2016-5007 | High | 7.5 | 2017-05-25 | Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping req… |
CVE-2014-0097 | High | 7.3 | 2017-05-25 | The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous… |