CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. • http://www.securityfocus.com/bid/105703 https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/ • CWE-20: Improper Input Validation •
CVE-2018-1000632 – dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
https://notcve.org/view.php?id=CVE-2018-1000632
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. dom4j en versiones anteriores a la 2.1.1 contiene una vulnerabilidad CWE-91: Inyección XML en Clase: Element. Métodos: addElement, addAttribute que puede resulta en que un atacante manipule documentos XML mediante la inyección XML. • https://access.redhat.com/errata/RHSA-2019:0362 https://access.redhat.com/errata/RHSA-2019:0364 https://access.redhat.com/errata/RHSA-2019:0365 https://access.redhat.com/errata/RHSA-2019:0380 https://access.redhat.com/errata/RHSA-2019:1159 https://access.redhat.com/errata/RHSA-2019:1160 https://access.redhat.com/errata/RHSA-2019:1161 https://access.redhat.com/errata/RHSA-2019:1162 https://access.redhat.com/errata/RHSA-2019:3172 https://github.com/dom4j/dom4j/commit • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2018-10237 – guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10237
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. Asignación de memoria sin restringir en Google Guava 11.0 hasta las versiones 24.x anteriores a la 24.1.1 permite que los atacantes remotos realicen ataques de denegación de servicio (DoS) contra servidores que dependen de esta librería y que deserialicen datos proporcionados por dichos atacantes debido a que la clase AtomicDoubleArray (cuando se serializa con serialización Java) y la clase CompoundOrdering (cuando se serializa con serialización GWT) realiza una asignación sin comprobar adecuadamente lo que ha enviado un cliente y si el tamaño de los datos es razonable. A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service. • http://www.securitytracker.com/id/1041707 https://access.redhat.com/errata/RHSA-2018:2423 https://access.redhat.com/errata/RHSA-2018:2424 https://access.redhat.com/errata/RHSA-2018:2425 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2598 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2740 https://access.redhat.com/errata/RHSA-2018:2741 https://access.redhat.com/errata/RHSA-2018:274 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2018-1270 – spring-framework: Possible RCE via spring messaging
https://notcve.org/view.php?id=CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, permite que las aplicaciones expongan STOMP en endpoints WebSocket con un simple agente STOMP en memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede manipular un mensaje al agente que desemboca en un ataque de ejecución remota de código. Pivotal Spring Java Framework versions 5.0.x and below suffer from a remote code execution vulnerability. • https://github.com/CaledoniaProject/CVE-2018-1270 https://github.com/Venscor/CVE-2018-1270 https://github.com/tafamace/CVE-2018-1270 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103696 https://access.redhat.com/errata/RHSA-2018:2939 https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E https://lists& • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-358: Improperly Implemented Security Check for Standard •
CVE-2018-1272 – spring-framework: Multipart content pollution
https://notcve.org/view.php?id=CVE-2018-1272
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, proporciona soporte del lado de cliente a peticiones multipart. Cuando las aplicaciones Spring MVC o Spring WebFlux (servidor A) reciben entradas de un cliente remoto y, a continuación, emplea esa entrada para realizar una petición multipart a otro servidor (servidor B), pueden verse expuestas a un ataque en el que un multipart extra se inserta en el contenido de la petición del servidor A. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103697 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:2669 https://pivotal.io/security/cve-2018-1272 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpujan20 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •