Pivotal Spring Web Flow CVE-2017-8039 Incomplete Fix Security Bypass Vulnerability

Pivotal Spring Web Flow is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.

Spring Web Flow versions 2.4.0 through 2.4.5 are vulnerable.

NOTE: This issue is the result of an incomplete fix for the issue described in BID 98785 (Pivotal Spring Web Flow CVE-2017-4971 Security Bypass Vulnerability).


Privacy Statement
Copyright 2010, SecurityFocus