Critical severity9.8NVD Advisory· Published May 25, 2017· Updated May 13, 2026

CVE-2014-3527

Description

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.springframework.security:spring-security-coreMaven	< 3.1.7	3.1.7
org.springframework.security:spring-security-coreMaven	>= 3.2.0, < 3.2.5	3.2.5

Affected products

VMware/Spring Security10 versions
cpe:2.3:a:vmware:spring_security:3.1.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:vmware:spring_security:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_security:3.2.4:*:*:*:*:*:*:*
Pivotal/Spring Securityv5
Range: 3.1 to 3.2.4

Patches

934937d9c1dc

https://github.com/spring-projects/spring-securityvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-wmv4-5w76-vp9gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-3527ghsaADVISORY
pivotal.io/security/cve-2014-3527nvdVendor AdvisoryWEB
github.com/spring-projects/spring-security/commit/934937d9c1dc20c396b96c08310b72cfa627acbghsaWEB
github.com/spring-projects/spring-security/issues/2907ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000