CVE-2018-1272

Severity

60%

Complexity

68%

Confidentiality

106%

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).

Overview

Type

Oracle

First reported 7 years ago

2018-04-06 13:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

Oracle Application Testing Suite 12.5.0.3

12.5.0.3

Oracle Application Testing Suite 13.1.0.1

13.1.0.1

Oracle Application Testing Suite 13.2.0.1

13.2.0.1

Oracle Application Testing Suite 13.3.0.1

13.3.0.1

Oracle Enterprise Manager Ops Center 12.2.2

12.2.2

Oracle Enterprise Manager Ops Center 12.3.3

12.3.3

Oracle Primavera Gateway 15.2

15.2

Oracle Primavera Gateway 16.2

16.2

Oracle Retail Back Office 14.0

14.0

Oracle Retail Back Office 14.1

14.1

Oracle Retail Central Office 14.0

14.0

Oracle Retail Central Office 14.1

14.1

Oracle Retail Integration Bus 14.0.1

14.0.1

Oracle Retail Integration Bus 14.0.2

14.0.2

Oracle Retail Integration Bus 14.0.3

14.0.3

Oracle Retail Integration Bus 14.0.4

14.0.4

Oracle Retail Integration Bus 14.1.1

14.1.1

Oracle Retail Integration Bus 14.1.2

14.1.2

Oracle Retail Integration Bus 14.1.3

14.1.3

Oracle Retail Integration Bus 15.0.0.1

15.0.0.1

Oracle Retail Integration Bus 15.0.1

15.0.1

Oracle Retail Integration Bus 15.0.2

15.0.2

Oracle Retail Integration Bus 16.0

16.0

Oracle Retail Integration Bus 16.0.1

16.0.1

Oracle Retail Integration Bus 16.0.2

16.0.2

Oracle Retail Open Commerce Platform 6.0.1

6.0.1

Oracle Retail Point-of-Sale 14.0

14.0

Oracle Retail Point-of-Sale 14.1

14.1

Oracle Retail Returns Management 14.0

14.0

Oracle Retail Returns Management 14.1

14.1

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Patch

103697

Third Party Advisory, VDB Entry

RHSA-2018:1320

Third Party Advisory

RHSA-2018:2669

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/141286

Third Party Advisory, VDB Entry

https://pivotal.io/security/cve-2018-1272

Vendor Advisory

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.