CVE-2016-1000027
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 2
Exploited in Wild: -
Decision
Descriptions
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-07-18 CVE Reserved
- 2020-01-02 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (9)
URL | Date | SRC |
---|---|---|
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.json | 2024-08-06 | |
https://www.tenable.com/security/research/tra-2016-20 | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vmware | Spring Framework | < 6.0.0 | - | Affected |