CVE-2016-4977
HIGH | EXPLOITED | NUCLEI
Pivotal Spring Security OAuth < 2.0.10 - Remote Code Execution
Title source: ruleDescription
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
Exploits (2)
Nuclei Templates (1)
Spring Security OAuth2 Remote Command Execution
HIGH, by princechaddha
References (6)
Scores
CVSS v3
8.8
EPSS
0.9366
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-08-14
CWE
CWE-19
Status
published
Products (19)
org.springframework.security.oauth/spring-security-oauth2
2.0.0 - 2.0.10 (Maven)
Pivotal/Spring Security OAuth
1.0.0 to 1.0.5
Pivotal/Spring Security OAuth
2.0.0 to 2.0.9
pivotal/spring_security_oauth
1.0.0
pivotal/spring_security_oauth
1.0.1
pivotal/spring_security_oauth
1.0.2
pivotal/spring_security_oauth
1.0.3
pivotal/spring_security_oauth
1.0.4
pivotal/spring_security_oauth
1.0.5
pivotal/spring_security_oauth
2.0.0
... and 9 more
Published
May 25, 2017
Tracked Since
Feb 18, 2026