Severity: 9.8 CRITICAL
EPSS: 38.1% (top 2.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 11; Latest update Oct 17

Description

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (21 packages)

Source | Package | Affected from | Fixed in | More
Maven | org.springframework:spring-messaging | 5.0.0.RELEASE | 5.0.5.RELEASE | +1
NVD | vmware/spring_framework | 4.3.0 | 4.3.16 | +1
CVEListV5 | spring_by_pivotal/spring_framework | Versions prior to 5.0.5 and 4.3.16 | |
NVD | oracle/retail_order_broker | 4 versions | | +3

Patches

Vulnerability Details (3)

OSV: Spring Framework has Improperly Implemented Security Check for Standard (2018-10-17)
GHSA: Spring Framework has Improperly Implemented Security Check for Standard (2018-10-17)
CVEList: CVE-2018-1275: Spring Framework, versions 5... (2018-04-11)

Vendor Advisories (2)

Red Hat: spring-framework: Address partial fix for CVE-2018-1270 (2018-04-09)
Debian: CVE-2018-1275: libspring-java - Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 a... (2018)

Community (2)

Bugzilla: CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 (2018-04-09)
Bugzilla: CVE-2018-1270 spring-framework: Possible RCE via spring messaging (2018-04-06)