CVE-2018-1275: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Affected

45 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	libspring-java	—	—
oracle	application_testing_suite	—	—
oracle	application_testing_suite	—	—
oracle	application_testing_suite	—	—
oracle	application_testing_suite	—	—
oracle	big_data_discovery	—	—
oracle	communications_converged_application_server	< 7.0.0.1	7.0.0.1
oracle	communications_diameter_signaling_router	< 8.3	8.3
oracle	communications_performance_intelligence_center	< 10.2.1	10.2.1
oracle	communications_services_gatekeeper	< 6.1.0.4.0	6.1.0.4.0
oracle	goldengate_for_big_data	—	—
oracle	goldengate_for_big_data	—	—
oracle	goldengate_for_big_data	—	—
oracle	health_sciences_information_manager	—	—
oracle	healthcare_master_person_index	—	—
oracle	healthcare_master_person_index	—	—
oracle	insurance_calculation_engine	—	—
oracle	insurance_calculation_engine	—	—
oracle	insurance_calculation_engine	—	—
oracle	insurance_rules_palette	—	—
oracle	insurance_rules_palette	—	—
oracle	insurance_rules_palette	—	—
oracle	insurance_rules_palette	—	—
oracle	insurance_rules_palette	—	—
oracle	primavera_gateway	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ghsa9.8CRITICAL

osv9.8CRITICAL