CVE-2018-2861
https://notcve.org/view.php?id=CVE-2018-2861
Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Back Office accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Back Office. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103809 •
CVE-2018-1270 – spring-framework: Possible RCE via spring messaging
https://notcve.org/view.php?id=CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, permite que las aplicaciones expongan STOMP en endpoints WebSocket con un simple agente STOMP en memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede manipular un mensaje al agente que desemboca en un ataque de ejecución remota de código. Pivotal Spring Java Framework versions 5.0.x and below suffer from a remote code execution vulnerability. • https://github.com/CaledoniaProject/CVE-2018-1270 https://github.com/Venscor/CVE-2018-1270 https://github.com/tafamace/CVE-2018-1270 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103696 https://access.redhat.com/errata/RHSA-2018:2939 https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E https://lists& • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-358: Improperly Implemented Security Check for Standard •
CVE-2018-1272 – spring-framework: Multipart content pollution
https://notcve.org/view.php?id=CVE-2018-1272
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, proporciona soporte del lado de cliente a peticiones multipart. Cuando las aplicaciones Spring MVC o Spring WebFlux (servidor A) reciben entradas de un cliente remoto y, a continuación, emplea esa entrada para realizar una petición multipart a otro servidor (servidor B), pueden verse expuestas a un ataque en el que un multipart extra se inserta en el contenido de la petición del servidor A. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103697 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:2669 https://pivotal.io/security/cve-2018-1272 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpujan20 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2018-1271 – spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
https://notcve.org/view.php?id=CVE-2018-1271
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, permite que las aplicaciones configuren Spring MVC para que sirva recursos estáticos (por ejemplo, CSS, JS o imágenes). Cuando se sirven recursos estáticos desde un sistema de archivos en Windows (en contraposición a classpath o a ServletContext), un usuario malicioso puede enviar una petición mediante una URL especialmente manipulada que puede llevar a un ataque de salto de directorio. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103699 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2018:2939 https://pivotal.io/security/cve-2018-1271 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https: • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-10423
https://notcve.org/view.php?id=CVE-2017-10423
Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Back Office, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Back Office accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101342 http://www.securityfocus.com/bid/101380 •