CVE-2012-1833

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://support.springsource.com/security/cve-2012-1833	Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/55763
http://secunia.com/advisories/51113

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:springsource:grails:1.3.2:::::::*
	cpe:2.3:a:springsource:grails:1.3.1:::::::*
	cpe:2.3:a:springsource:grails:1.1.2:::::::*
	cpe:2.3:a:springsource:grails:1.1.1:::::::*
	cpe:2.3:a:springsource:grails:1.1.0:::::::*
	cpe:2.3:a:springsource:grails:1.3.4:::::::*
	cpe:2.3:a:springsource:grails:1.3.3:::::::*
	cpe:2.3:a:springsource:grails:1.2.1:::::::*
	cpe:2.3:a:springsource:grails:1.2.0:::::::*
	cpe:2.3:a:springsource:grails:1.3.6:::::::*
	cpe:2.3:a:springsource:grails:1.3.5:::::::*
	cpe:2.3:a:springsource:grails:1.3.0:::::::*
	cpe:2.3:a:springsource:grails:2.0.1:::::::*
	cpe:2.3:a:springsource:grails:2.0:::::::*
	cpe:2.3:a:springsource:grails:1.2.2:::::::*
	cpe:2.3:a:springsource:grails::::::::

Information

Published : 2012-09-28 14:55

Updated : 2013-03-01 20:40

NVD link : CVE-2012-1833

Mitre link : CVE-2012-1833

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

springsource

grails

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.springsource.com/security/cve-2012-1833", "name": "http://support.springsource.com/security/cve-2012-1833", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/55763", "name": "55763", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/51113", "name": "51113", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1833", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-09-28T21:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:springsource:grails:1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:springsource:grails:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.3.7"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-03-02T04:40Z"}

5.0 /10