CVE-2018-11040 — Inclusion of Functionality from Untrusted Control Sphere in Spring Framework

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere CWE-79 — Cross-site Scripting9 documents7 sources

Severity

7.5HIGHNVD

EPSS

7.3%

top 8.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pivotal Spring Framework Oracle Communications Services Gatekeeper Vmware Spring Framework +26 more

Timeline

PublishedJun 25

Latest updateOct 16

Description

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages28 packages

▶NVDvmware/spring_framework5.0.0 — 5.0.7+1

▶CVEListV5pivotal/spring_framework5.0.x — 5.0.7+1

▶NVDoracle/retail_predictive_application_server4 versions+3

▶NVDoracle/application_testing_suite4 versions+3

▶NVDoracle/communications_services_gatekeeper< 6.1.0.4.0

Also affects: Debian Linux 9.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

Moderate severity vulnerability that affects org.springframework:spring-core↗2018-10-16

▶

GHSA

Moderate severity vulnerability that affects org.springframework:spring-core↗2018-10-16

▶

CVEList

CVE-2018-11040: Spring Framework, versions 5↗2018-06-25

▶

OSV

CVE-2018-11040: Spring Framework, versions 5↗2018-06-25

▶

📋Vendor Advisories

Red Hat

springframework: cross-domain requests via JSONP through AbstractJsonpResponseBodyAdvice↗2018-06-14

▶

Debian

CVE-2018-11040: libspring-java - Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and ol...↗2018

▶

💬Community

Bugzilla

CVE-2018-11040 springframework: cross-domain requests via JSONP through AbstractJsonpResponseBodyAdvice [fedora-all]↗2018-06-15

▶

Bugzilla

CVE-2018-11040 springframework: cross-domain requests via JSONP through AbstractJsonpResponseBodyAdvice↗2018-06-15

▶