WS-2016-7107 (Medium) detected in spring-security-web-3.2.4.RELEASE.jar #195

mend-for-github-com · 2021-04-14T01:14:10Z

WS-2016-7107 - Medium Severity Vulnerability

Vulnerable Library - spring-security-web-3.2.4.RELEASE.jar

spring-security-web

Library home page: http://spring.io/spring-security

Path to dependency file: WebGoat-Legacy/pom.xml

Path to vulnerable library: canner/.m2/repository/org/springframework/security/spring-security-web/3.2.4.RELEASE/spring-security-web-3.2.4.RELEASE.jar,WebGoat-Legacy/target/WebGoat-6.0.1/WEB-INF/lib/spring-security-web-3.2.4.RELEASE.jar

Dependency Hierarchy:

❌ spring-security-web-3.2.4.RELEASE.jar (Vulnerable Library)

Found in base branch: master

Vulnerability Details

CSRF tokens in Spring Security through 5.4.5 are vulnerable to a breach attack. Spring Security always returns the same CSRF token to the browser.

Publish Date: 2016-08-02

URL: WS-2016-7107

CVSS 3 Score Details (5.9)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Apr 14, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2016-7107 (Medium) detected in spring-security-web-3.2.4.RELEASE.jar #195

WS-2016-7107 (Medium) detected in spring-security-web-3.2.4.RELEASE.jar #195

mend-for-github-com bot commented Apr 14, 2021

WS-2016-7107 (Medium) detected in spring-security-web-3.2.4.RELEASE.jar #195

WS-2016-7107 (Medium) detected in spring-security-web-3.2.4.RELEASE.jar #195

Comments

mend-for-github-com bot commented Apr 14, 2021

WS-2016-7107 - Medium Severity Vulnerability