CVE-2018-1275 - Improperly Implemented Security Check for Standard

Severity

75%

Complexity

99%

Confidentiality

106%

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

CVSS 3.0 Base Score 9.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Oracle

First reported 6 years ago

2018-04-11 13:29:00

Last updated 5 years ago

2019-07-03 19:15:00

Affected Software

Oracle Application Testing Suite 12.5.0.3

12.5.0.3

Oracle Application Testing Suite 13.1.0.1

13.1.0.1

Oracle Application Testing Suite 13.2.0.1

13.2.0.1

Oracle Application Testing Suite 13.3.0.1

13.3.0.1

Oracle Primavera Gateway 15.2

15.2

Oracle Primavera Gateway 16.2

16.2

Oracle Retail Open Commerce Platform 6.0.1

6.0.1

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Patch, Third Party Advisory

103771

Third Party Advisory, VDB Entry

1041301

Third Party Advisory, VDB Entry

RHSA-2018:1320

Third Party Advisory

RHSA-2018:2939

Third Party Advisory

[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)

[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar

[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar

https://pivotal.io/security/cve-2018-1275

Vendor Advisory

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch, Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.