FKIE_CVE-2018-1259

Vulnerability from fkie_nvd - Published: 2018-05-11 20:29 - Updated: 2024-11-21 03:59
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
References
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1809Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:3768Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1259Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1809Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3768Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1259Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.html
Impacted products
Vendor Product Version
pivotal_software spring_data_commons *
pivotal_software spring_data_commons *
pivotal_software spring_data_rest *
pivotal_software spring_data_rest *
xmlbeam xmlbeam *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E7F274-5CF6-482F-9B52-9C7E40C7C133",
              "versionEndIncluding": "1.13.11",
              "versionStartIncluding": "1.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "055E8CDE-2FDC-46E1-91B6-02BB5BB5DDE7",
              "versionEndIncluding": "2.0.6",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5433DB0-B5D8-48D1-901E-7935B3D9EC37",
              "versionEndIncluding": "2.6.11",
              "versionStartExcluding": "2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF1612F-D7FE-480E-8C28-2D97413787F9",
              "versionEndIncluding": "3.0.6",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xmlbeam:xmlbeam:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A5EE557-849E-4677-B7B4-4A1BDB6EA0F0",
              "versionEndIncluding": "1.4.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data\u0027s projection-based request payload binding to access arbitrary files on the system."
    },
    {
      "lang": "es",
      "value": "Spring Data Commons, en versiones 1.13 anteriores a la 1.13.12 y versiones 2.0 anteriores a la 2.0.7, empleado junto con XMLBeam, en versiones 1.4.14 o anteriores, contiene una vulnerabilidad de enlazador de propiedades provocada por la restricci\u00f3n incorrecta de referencias de entidades externas XML, ya que la biblioteca subyacente XMLBeam no restringe la expansi\u00f3n de referencias externas. Un usuario remoto malicioso no autenticado puede proporcionar par\u00e1metros de petici\u00f3n especialmente manipulados al enlace de la carga \u00fatil de petici\u00f3n basada en proyecci\u00f3n de Spring Data para acceder a archivos arbitrarios en el sistema."
    }
  ],
  "id": "CVE-2018-1259",
  "lastModified": "2024-11-21T03:59:29.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-11T20:29:00.307",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1809"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3768"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1259"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.