CVSS: 9.8EPSS: 76%CPEs: 70EXPL: 4CVE-2018-1270 – spring-framework: Possible RCE via spring messaging
https://notcve.org/view.php?id=CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, permite que las aplicaciones expongan STOMP en endpoints WebSocket con un simple agente STOMP en memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede manipular un mensaje al agente que desemboca en un ataque de ejecución remota de código. Pivotal Spring Java Framework versions 5.0.x and below suffer from a remote code execution vulnerability. • https://github.com/CaledoniaProject/CVE-2018-1270 https://github.com/Venscor/CVE-2018-1270 https://github.com/tafamace/CVE-2018-1270 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103696 https://access.redhat.com/errata/RHSA-2018:2939 https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E https://lists& • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2016-9878 – Framework: Directory Traversal in the Spring Framework ResourceServlet
https://notcve.org/view.php?id=CVE-2016-9878
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. Un problema fue descubierto en Pivotal Spring Framework en versiones anteriores a 3.2.18, 4.2.x en versiones anteriores a 4.2.9 y 4.3.x en versiones anteriores a 4.3.5. Las rutas proporcionadas al ResourceServlet no fueron desinfectadas adecuadamente y como resultado expuestas a ataques de salto de directorio. It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/95072 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2017:3115 https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html https://pivotal.io/security/cve-2016-9878 https://security.netapp.com/adviso • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 25%CPEs: 34EXPL: 0CVE-2014-0054 – Framework: incomplete fix for CVE-2013-7315/CVE-2013-6429
https://notcve.org/view.php?id=CVE-2014-0054
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429. Jaxb2RootElementHttpMessageConverter en Spring MVC en Spring Framework anterior a 3.2.8 y 4.0.0 anterior a 4.0.2 no deshabilita resolución de entidad externa, lo que permite a atacantes remotos leer archivos arbitrarios, causar una denegación de servicio y realizar ataques CSRF a través de XML manipulado, también conocido como un problema de entidad externa XML (XXE). NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-4152, CVE-2013-7315 y CVE-2013-6429. • http://rhn.redhat.com/errata/RHSA-2014-0400.html http://secunia.com/advisories/57915 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/66148 https://jira.spring.io/browse/SPR-11376 https://access.redhat.com/security/cve/CVE-2014-0054 https://bugzilla.redhat.com/show_bug.cgi?id=1075328 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 28EXPL: 1CVE-2013-7315
https://notcve.org/view.php?id=CVE-2013-7315
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions. El Spring MVC en Spring Framework anterior a 3.2.4 y 4.0.0.M1 hasta 4.0.0.M2 no desactiva la resolución de entidades externas para la StAX XMLInputFactory, que permite a atacantes dependientes de contexto para leer archivos arbitrarios, provocar una denegación de servicio, y llevar a cabo ataques CSRF través de XML manipulado con JAXB, también conocido como un problema XML External Entity (XXE) , y una vulnerabilidad diferente a CVE-2013-4152. NOTA: este problema se separó de CVE-2013-4152, debido a las diferentes versiones afectadas. • http://seclists.org/bugtraq/2013/Aug/154 http://seclists.org/fulldisclosure/2013/Nov/14 http://www.debian.org/security/2014/dsa-2842 http://www.gopivotal.com/security/cve-2013-4152 http://www.securityfocus.com/bid/77998 https://jira.springsource.org/browse/SPR-10806 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 93%CPEs: 27EXPL: 1CVE-2013-4152 – Framework: XML External Entity (XXE) injection flaw
https://notcve.org/view.php?id=CVE-2013-4152
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue. El wrapper Spring OXM en Spring Framework anterior a la versión 3.2.4 y 4.0.0.M1, cuando se usa el JAXB marshaller, no desactiva la resolución de entidad, lo que permite a atacantes dependientes del contexto leer archivos arbitrarios, provocar una denegación de servicio, o llevar a cabo ataques de CSRF a través de una declaración de entidad XML externa en conjunción con una referencia de entidad en (1) DOMSource, (2) StAXSource, (3) SAXSource, o (4) StreamSource, también conocido como una vulnerabilidad XXE. • http://rhn.redhat.com/errata/RHSA-2014-0212.html http://rhn.redhat.com/errata/RHSA-2014-0245.html http://rhn.redhat.com/errata/RHSA-2014-0254.html http://rhn.redhat.com/errata/RHSA-2014-0400.html http://seclists.org/bugtraq/2013/Aug/154 http://seclists.org/fulldisclosure/2013/Nov/14 http://secunia.com/advisories/56247 http://secunia.com/advisories/57915 http://www.debian.org/security/2014/dsa-2842 http://www.gopivotal.com/security/cve-2013-4152 http://w • CWE-264: Permissions, Privileges, and Access Controls •