CVE-2018-1257
published 2018-05-11


Severity: medium, 6.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.

Affected

72 ranges, showing 25

Vendor  | Product                                        | Version range                    | Fixed in
--------|------------------------------------------------|----------------------------------|------------------------------------
debian  | libspring-java                                 | < libspring-java 4.3.19-1 (bookworm) | libspring-java 4.3.19-1 (bookworm)
oracle  | agile_product_lifecycle_management             |                                  |
oracle  | agile_product_lifecycle_management             |                                  |
oracle  | agile_product_lifecycle_management             |                                  |
oracle  | agile_product_lifecycle_management             |                                  |
oracle  | application_testing_suite                      |                                  |
oracle  | application_testing_suite                      |                                  |
oracle  | application_testing_suite                      |                                  |
oracle  | application_testing_suite                      |                                  |
oracle  | big_data_discovery                             |                                  |
oracle  | communications_converged_application_server    | < 7.0.0.1                        | 7.0.0.1
oracle  | communications_diameter_signaling_router       | < 8.3                            | 8.3
oracle  | communications_performance_intelligence_center | < 10.2.1                         | 10.2.1
oracle  | communications_services_gatekeeper             | < 6.1.0.4.0                      | 6.1.0.4.0
oracle  | communications_unified_inventory_management    |                                  |
oracle  | communications_unified_inventory_management    |                                  |
oracle  | communications_unified_inventory_management    |                                  |
oracle  | communications_unified_inventory_management    |                                  |
oracle  | endeca_information_discovery_integrator        |                                  |
oracle  | endeca_information_discovery_integrator        |                                  |
oracle  | enterprise_manager_base_platform               |                                  |
oracle  | enterprise_manager_base_platform               |                                  |
oracle  | enterprise_manager_base_platform               |                                  |
oracle  | enterprise_manager_for_mysql_database          |                                  |
oracle  | enterprise_manager_ops_center                  |                                  |

CVSS provenance

Source | CVSS version | Score | Severity | Vector
-------|--------------|-------|----------|------------------------------------------------
nvd    | v3.1         | 6.5   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv    |              | 6.5   | MEDIUM   |