Russian Vulnerability Scanner Database

Back to List

CVE-2016-1000027

Scores

EPSS

0.604medium60.4%
0%20%40%60%80%100%

Percentile: 60.4%

CVSS

9.8critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor’s position is that untrusted data is not an intended use case. The product’s behavior will not be changed because some users rely on deserialization of trusted data.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdubuntu

CWEs

CWE-502

Related Vulnerabilities

BDU:2022-02190

Exploits

Exploit ID: CVE-2016-1000027

Source: github-poc

URL: https://github.com/Ragatzino/test-cve-2016-1000027

Vulnerable Software (21)

Type: Configuration

Product: libspring-java

Operating System: debian

Trait: 
{  "fixed": "4.2.7-1"}

Source: debian

Type: Configuration

Product: libspring-java

Operating System: ubuntu artful 17.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu bionic 18.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu cosmic 18.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu disco 19.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu eoan 19.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu focal 20.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu groovy 20.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu hirsute 21.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu impish 21.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu jammy 22.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu kinetic 22.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu lunar 23.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu mantic 23.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu noble 24.04

Trait: 
{  "unaffected": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu trusty 14.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu wily 15.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu xenial 16.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu yakkety 16.10

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libspring-java

Operating System: ubuntu zesty 17.04

Trait: 
{  "unfixed": true}

Source: ubuntu