CVE-2011-2731

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:springsource_spring_security:3.0.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-12-05 17:55

Updated : 2024-02-28 12:00


NVD link : CVE-2011-2731

Mitre link : CVE-2011-2731

CVE.ORG link : CVE-2011-2731


JSON object : View

Products Affected

vmware

  • springsource_spring_security
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')