Published: 2022/05/20  Last Updated: 2022/05/20

Information from NTT DATA Corporation

Vulnerability ID: JVN#15317878
Title: Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS)
Status: Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

The vulnerability affects TERASOLUNA Server Framework for Java 5.x as listed below.

- TERASOLUNA Server Framework for Java 5.3.0 -- 5.7.0 and 5.7.0.SP1
- TERASOLUNA Server Framework for Java 5.7.1 and 5.7.1.SP1
- Versions 5.7.1 and 5.7.1.SP1 are only impacted when the system uses spring-security-oauth2.
- They are not impacted when the system uses spring-security-oauth2-client instead of spring-security-oauth2.
- It is not recommended to use TERASOLUNA Server Framework for Java 5.7.1 and 5.7.1.SP1 together with spring-security-oauth2.