CVE-2018-1275
spring-framework: Address partial fix for CVE-2018-1270
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
Spring Framework, en versiones anteriores a las comprendidas entre la 5.0 y la 5.0.5, versiones 4.3 anteriores a la 4.3.16 y versiones antiguas no soportadas, permite que las aplicaciones expongan STOMP sobre los endpoints WebSocket con un simple broker STOP dentro de la memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede crear un mensaje para el broker que puede conducir a un ataque de ejecución remota de código. Este CVE hace referencia a una solución parcial de CVE-2018-1270 en la rama 4.3.x de Spring Framework.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-06 CVE Reserved
- 2018-04-11 CVE Published
- 2024-08-13 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-358: Improperly Implemented Security Check for Standard
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103771 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041301 | Third Party Advisory | |
| https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E | Mailing List | |
| https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E | Mailing List | |
| https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E | Mailing List | |
| https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpuoct2021.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:1320 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2018:2939 | 2023-11-07 | |
| https://pivotal.io/security/cve-2018-1275 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2018-1275 | 2018-10-17 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1565307 | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Spring Framework Search vendor "Vmware" for product "Spring Framework" | >= 4.3.0 < 4.3.16 Search vendor "Vmware" for product "Spring Framework" and version " >= 4.3.0 < 4.3.16" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Spring Framework Search vendor "Vmware" for product "Spring Framework" | >= 5.0.0 < 5.0.5 Search vendor "Vmware" for product "Spring Framework" and version " >= 5.0.0 < 5.0.5" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Application Testing Suite Search vendor "Oracle" for product "Application Testing Suite" | 12.5.0.3 Search vendor "Oracle" for product "Application Testing Suite" and version "12.5.0.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Application Testing Suite Search vendor "Oracle" for product "Application Testing Suite" | 13.1.0.1 Search vendor "Oracle" for product "Application Testing Suite" and version "13.1.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Application Testing Suite Search vendor "Oracle" for product "Application Testing Suite" | 13.2.0.1 Search vendor "Oracle" for product "Application Testing Suite" and version "13.2.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Application Testing Suite Search vendor "Oracle" for product "Application Testing Suite" | 13.3.0.1 Search vendor "Oracle" for product "Application Testing Suite" and version "13.3.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Big Data Discovery Search vendor "Oracle" for product "Big Data Discovery" | 1.6.0 Search vendor "Oracle" for product "Big Data Discovery" and version "1.6.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Converged Application Server Search vendor "Oracle" for product "Communications Converged Application Server" | < 7.0.0.1 Search vendor "Oracle" for product "Communications Converged Application Server" and version " < 7.0.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router" | < 8.3 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " < 8.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Performance Intelligence Center Search vendor "Oracle" for product "Communications Performance Intelligence Center" | < 10.2.1 Search vendor "Oracle" for product "Communications Performance Intelligence Center" and version " < 10.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Services Gatekeeper Search vendor "Oracle" for product "Communications Services Gatekeeper" | < 6.1.0.4.0 Search vendor "Oracle" for product "Communications Services Gatekeeper" and version " < 6.1.0.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Goldengate For Big Data Search vendor "Oracle" for product "Goldengate For Big Data" | 12.2.0.1 Search vendor "Oracle" for product "Goldengate For Big Data" and version "12.2.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Goldengate For Big Data Search vendor "Oracle" for product "Goldengate For Big Data" | 12.3.1.1 Search vendor "Oracle" for product "Goldengate For Big Data" and version "12.3.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Goldengate For Big Data Search vendor "Oracle" for product "Goldengate For Big Data" | 12.3.2.1 Search vendor "Oracle" for product "Goldengate For Big Data" and version "12.3.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Health Sciences Information Manager Search vendor "Oracle" for product "Health Sciences Information Manager" | 3.0 Search vendor "Oracle" for product "Health Sciences Information Manager" and version "3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Healthcare Master Person Index Search vendor "Oracle" for product "Healthcare Master Person Index" | 3.0 Search vendor "Oracle" for product "Healthcare Master Person Index" and version "3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Healthcare Master Person Index Search vendor "Oracle" for product "Healthcare Master Person Index" | 4.0 Search vendor "Oracle" for product "Healthcare Master Person Index" and version "4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Insurance Calculation Engine Search vendor "Oracle" for product "Insurance Calculation Engine" | 10.1.1 Search vendor "Oracle" for product "Insurance Calculation Engine" and version "10.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Insurance Calculation Engine Search vendor "Oracle" for product "Insurance Calculation Engine" | 10.2 Search vendor "Oracle" for product "Insurance Calculation Engine" and version "10.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Insurance Calculation Engine Search vendor "Oracle" for product "Insurance Calculation Engine" | 10.2.1 Search vendor "Oracle" for product "Insurance Calculation Engine" and version "10.2.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Insurance Rules Palette Search vendor "Oracle" for product "Insurance Rules Palette" | 10.0 Search vendor "Oracle" for product "Insurance Rules Palette" and version "10.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Insurance Rules Palette Search vendor "Oracle" for product "Insurance Rules Palette" | 10.1 Search vendor "Oracle" for product "Insurance Rules Palette" and version "10.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Insurance Rules Palette Search vendor "Oracle" for product "Insurance Rules Palette" | 10.2 Search vendor "Oracle" for product "Insurance Rules Palette" and version "10.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Insurance Rules Palette Search vendor "Oracle" for product "Insurance Rules Palette" | 11.0 Search vendor "Oracle" for product "Insurance Rules Palette" and version "11.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Insurance Rules Palette Search vendor "Oracle" for product "Insurance Rules Palette" | 11.1 Search vendor "Oracle" for product "Insurance Rules Palette" and version "11.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Gateway Search vendor "Oracle" for product "Primavera Gateway" | 15.2 Search vendor "Oracle" for product "Primavera Gateway" and version "15.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Gateway Search vendor "Oracle" for product "Primavera Gateway" | 16.2 Search vendor "Oracle" for product "Primavera Gateway" and version "16.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Primavera Gateway Search vendor "Oracle" for product "Primavera Gateway" | 17.12 Search vendor "Oracle" for product "Primavera Gateway" and version "17.12" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Customer Insights Search vendor "Oracle" for product "Retail Customer Insights" | 15.0 Search vendor "Oracle" for product "Retail Customer Insights" and version "15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Customer Insights Search vendor "Oracle" for product "Retail Customer Insights" | 16.0 Search vendor "Oracle" for product "Retail Customer Insights" and version "16.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Open Commerce Platform Search vendor "Oracle" for product "Retail Open Commerce Platform" | 5.3.0 Search vendor "Oracle" for product "Retail Open Commerce Platform" and version "5.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Open Commerce Platform Search vendor "Oracle" for product "Retail Open Commerce Platform" | 6.0.0 Search vendor "Oracle" for product "Retail Open Commerce Platform" and version "6.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Open Commerce Platform Search vendor "Oracle" for product "Retail Open Commerce Platform" | 6.0.1 Search vendor "Oracle" for product "Retail Open Commerce Platform" and version "6.0.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker" | 5.1 Search vendor "Oracle" for product "Retail Order Broker" and version "5.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker" | 5.2 Search vendor "Oracle" for product "Retail Order Broker" and version "5.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker" | 15.0 Search vendor "Oracle" for product "Retail Order Broker" and version "15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker" | 16.0 Search vendor "Oracle" for product "Retail Order Broker" and version "16.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Predictive Application Server Search vendor "Oracle" for product "Retail Predictive Application Server" | 14.0 Search vendor "Oracle" for product "Retail Predictive Application Server" and version "14.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Predictive Application Server Search vendor "Oracle" for product "Retail Predictive Application Server" | 14.1 Search vendor "Oracle" for product "Retail Predictive Application Server" and version "14.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Predictive Application Server Search vendor "Oracle" for product "Retail Predictive Application Server" | 15.0 Search vendor "Oracle" for product "Retail Predictive Application Server" and version "15.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Predictive Application Server Search vendor "Oracle" for product "Retail Predictive Application Server" | 16.0 Search vendor "Oracle" for product "Retail Predictive Application Server" and version "16.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Service Architecture Leveraging Tuxedo Search vendor "Oracle" for product "Service Architecture Leveraging Tuxedo" | 12.1.3.0.0 Search vendor "Oracle" for product "Service Architecture Leveraging Tuxedo" and version "12.1.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Service Architecture Leveraging Tuxedo Search vendor "Oracle" for product "Service Architecture Leveraging Tuxedo" | 12.2.2.0.0 Search vendor "Oracle" for product "Service Architecture Leveraging Tuxedo" and version "12.2.2.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Tape Library Acsls Search vendor "Oracle" for product "Tape Library Acsls" | 8.4 Search vendor "Oracle" for product "Tape Library Acsls" and version "8.4" | - |
Affected
| ||||||