{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4842?format=json","vulnerability_id":"VCID-deuk-emca-3kgr","summary":"An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded \"/\" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.","aliases":[{"alias":"CVE-2016-9879"},{"alias":"GHSA-v35c-49j6-q8hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23757?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.10.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.10.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/23758?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.1.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-hedq-eav6-4fee"},{"vulnerability":"VCID-qpxj-fzta-v7bs"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/23759?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-f3g5-hamr-6yar"},{"vulnerability":"VCID-hedq-eav6-4fee"},{"vulnerability":"VCID-pz7c-p4ze-kfhc"},{"vulnerability":"VCID-qpxj-fzta-v7bs"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-xdnd-ar9s-afd8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.1.RELEASE"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20140?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-ev1k-za9z-87hq"},{"vulnerability":"VCID-n8yr-3aex-kyah"},{"vulnerability":"VCID-nddv-1dfd-jfdd"},{"vulnerability":"VCID-sy5j-6rkg-n3b7"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148143?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-ev1k-za9z-87hq"},{"vulnerability":"VCID-n8yr-3aex-kyah"},{"vulnerability":"VCID-nddv-1dfd-jfdd"},{"vulnerability":"VCID-sy5j-6rkg-n3b7"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148144?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-ev1k-za9z-87hq"},{"vulnerability":"VCID-n8yr-3aex-kyah"},{"vulnerability":"VCID-nddv-1dfd-jfdd"},{"vulnerability":"VCID-sy5j-6rkg-n3b7"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148145?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-ev1k-za9z-87hq"},{"vulnerability":"VCID-n8yr-3aex-kyah"},{"vulnerability":"VCID-nddv-1dfd-jfdd"},{"vulnerability":"VCID-sy5j-6rkg-n3b7"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148146?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-ev1k-za9z-87hq"},{"vulnerability":"VCID-nddv-1dfd-jfdd"},{"vulnerability":"VCID-sy5j-6rkg-n3b7"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148147?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-ev1k-za9z-87hq"},{"vulnerability":"VCID-nddv-1dfd-jfdd"},{"vulnerability":"VCID-sy5j-6rkg-n3b7"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.5.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148148?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.6.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148149?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.7.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.7.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/20143?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.0.8.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/20141?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148150?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/148151?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-w4q4-38gp-m3d8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/20144?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/143421?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-kqpg-9cqw-nuen"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/82084?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.5.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/24203?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.6.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159785?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.1.7.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.1.7.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159786?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/143419?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-kqpg-9cqw-nuen"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/24204?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159787?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159788?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8jtc-ehgu-x3c5"},{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159789?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.5.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159790?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.6.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159791?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.7.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.7.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159792?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.8.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.8.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/23752?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@3.2.9.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@3.2.9.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/143035?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.0.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.0.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/23753?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.1-alpha0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deuk-emca-3kgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1-alpha0"},{"url":"http://public2.vulnerablecode.io/api/packages/24213?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.1.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dfs4-emmn-f3eb"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-hedq-eav6-4fee"},{"vulnerability":"VCID-qpxj-fzta-v7bs"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/24214?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.1.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-hedq-eav6-4fee"},{"vulnerability":"VCID-qpxj-fzta-v7bs"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/159793?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.1.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-hedq-eav6-4fee"},{"vulnerability":"VCID-qpxj-fzta-v7bs"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/23754?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.1.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-hedq-eav6-4fee"},{"vulnerability":"VCID-qpxj-fzta-v7bs"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.1.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/23755?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2-alpha0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deuk-emca-3kgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2-alpha0"},{"url":"http://public2.vulnerablecode.io/api/packages/23756?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cden-3spy-pyhz"},{"vulnerability":"VCID-deuk-emca-3kgr"},{"vulnerability":"VCID-dwcq-d6nf-1ubn"},{"vulnerability":"VCID-f3g5-hamr-6yar"},{"vulnerability":"VCID-hedq-eav6-4fee"},{"vulnerability":"VCID-pz7c-p4ze-kfhc"},{"vulnerability":"VCID-qpxj-fzta-v7bs"},{"vulnerability":"VCID-u6vb-w2bu-ykfk"},{"vulnerability":"VCID-xdnd-ar9s-afd8"},{"vulnerability":"VCID-yeaf-ta2h-p7c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE"}],"references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1832","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1832"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9879.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9879.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9879","reference_id":"","reference_type":"","scores":[{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55349","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55189","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55231","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55288","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55249","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55274","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55334","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55263","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55286","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55329","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55308","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55289","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55327","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55331","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.5531","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00322","scoring_system":"epss","scoring_elements":"0.55247","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9879"},{"reference_url":"https://github.com/spring-projects/spring-security/commit/666e356ebc479194ba51e43bb99fc42f849b6175","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/spring-projects/spring-security/commit/666e356ebc479194ba51e43bb99fc42f849b6175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9879","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9879"},{"reference_url":"http://www.securityfocus.com/bid/95142","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/95142"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409838","reference_id":"1409838","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409838"},{"reference_url":"https://pivotal.io/security/cve-2016-9879","reference_id":"CVE-2016-9879","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pivotal.io/security/cve-2016-9879"},{"reference_url":"https://github.com/advisories/GHSA-v35c-49j6-q8hq","reference_id":"GHSA-v35c-49j6-q8hq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v35c-49j6-q8hq"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":417,"name":"Communication Channel Errors","description":"Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in \"bypass\" attacks, such as those that exploit authentication errors."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."}],"exploits":[],"severity_range_score":"6.5 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-deuk-emca-3kgr"}