Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-22119

Опубликовано: 28 июн. 2021
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Decision Manager 7spring-security-coreNot affected
Red Hat JBoss Fuse 6spring-security-oauth2-clientOut of support scope
Red Hat JBoss Fuse Service Works 6spring-security-coreOut of support scope
Red Hat OpenStack Platform 10 (Newton)opendaylightOut of support scope
Red Hat Process Automation 7spring-security-coreNot affected
Red Hat Fuse 7.11spring-security-oauth2-clientFixedRHSA-2022:553207.07.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1977064spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request

EPSS

Процентиль: 89%
0.04895
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-22119

CVSS3: 7.5
ubuntu
больше 4 лет назад

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.

nvd логотип

CVE-2021-22119

CVSS3: 7.5
nvd
больше 4 лет назад

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions.

debian логотип

CVE-2021-22119

CVSS3: 7.5
debian
больше 4 лет назад

Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5 ...

github логотип

GHSA-w9jg-gvgr-354m

CVSS3: 7.5
github
больше 4 лет назад

Resource Exhaustion in Spring Security

fstec логотип

BDU:2021-03390

CVSS3: 7.5
fstec
больше 4 лет назад

Уязвимость Java-фреймворка для обеспечения безопасности промышленных приложений Spring Security, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 89%
0.04895
Низкий

7.5 High

CVSS3