CVE-2018-1270 - Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Oracle

First reported (6 years ago): 2018-04-06 13:29:00

Last updated (5 years ago): 2019-07-03 19:15:00

Affected Software

Oracle Application Testing Suite 12.5.0.3
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Primavera Gateway 15.2
Oracle Primavera Gateway 16.2
Oracle Retail Back Office 14.0
Oracle Retail Back Office 14.1
Oracle Retail Central Office 14.0
Oracle Retail Central Office 14.1
Oracle Retail Integration Bus 14.0.1
Oracle Retail Integration Bus 14.0.2
Oracle Retail Integration Bus 14.0.3
Oracle Retail Integration Bus 14.0.4
Oracle Retail Integration Bus 14.1.1
Oracle Retail Integration Bus 14.1.2
Oracle Retail Integration Bus 14.1.3
Oracle Retail Integration Bus 15.0.0.1
Oracle Retail Integration Bus 15.0.1
Oracle Retail Integration Bus 15.0.2
Oracle Retail Integration Bus 16.0
Oracle Retail Integration Bus 16.0.1
Oracle Retail Integration Bus 16.0.2
Oracle Retail Open Commerce Platform 6.0.1
Oracle Retail Point-of-Sale 14.0
Oracle Retail Point-of-Sale 14.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
