CVE-2018-1270

Description

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Related CPE's

avmwarespring_framework********

avmwarespring_framework********

aoracleretail_xstore_point_of_service7.1*******

aoracleenterprise_manager_ops_center12.2.2*******

aoracleprimavera_gateway16.2*******

aoracleprimavera_gateway15.2*******

aoracleapplication_testing_suite12.5.0.3*******

aoracleretail_back_office14.1*******

aoracleretail_back_office14.0*******

aoracleenterprise_manager_ops_center12.3.3*******

References

https://pivotal.io/security/cve-2018-1270

Vendor Advisory

103696

Third Party AdvisoryVDB Entry

44796

Broken LinkThird Party AdvisoryVDB Entry

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

PatchThird Party Advisory

RHSA-2018:2939

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

PatchThird Party Advisory

[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)

Mailing ListThird Party Advisory

[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar

Mailing ListThird Party Advisory

[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar

Mailing ListThird Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

PatchThird Party Advisory

[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

PatchThird Party Advisory

[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

Mailing ListThird Party Advisory

[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

PatchThird Party Advisory

CvssV3 impact

BaseSeverity

CRITICAL

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

9.8

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io