FKIE_CVE-2018-1271

Vulnerability from fkie_nvd - Published: 2018-04-06 13:29 - Updated: 2024-11-21 03:59
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/103699Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1271Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103699Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1271Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle big_data_discovery 1.6.0
oracle communications_converged_application_server *
oracle communications_diameter_signaling_router *
oracle communications_performance_intelligence_center *
oracle communications_policy_management 12.5.0
oracle communications_services_gatekeeper *
oracle enterprise_manager_ops_center 12.2.2
oracle enterprise_manager_ops_center 12.3.3
oracle goldengate_for_big_data 12.2.0.1
oracle goldengate_for_big_data 12.3.1.1
oracle goldengate_for_big_data 12.3.2.1
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle insurance_calculation_engine *
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2
oracle insurance_calculation_engine 10.2.1
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_back_office 14.0
oracle retail_back_office 14.1
oracle retail_central_office 14.0
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_integration_bus 14.0.1
oracle retail_integration_bus 14.0.2
oracle retail_integration_bus 14.0.3
oracle retail_integration_bus 14.0.4
oracle retail_integration_bus 14.1.1
oracle retail_integration_bus 14.1.2
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 15.0.0.1
oracle retail_integration_bus 15.0.1
oracle retail_integration_bus 15.0.2
oracle retail_integration_bus 16.0
oracle retail_integration_bus 16.0.1
oracle retail_integration_bus 16.0.2
oracle retail_open_commerce_platform 5.3.0
oracle retail_open_commerce_platform 6.0.0
oracle retail_open_commerce_platform 6.0.1
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_point-of-sale 14.0
oracle retail_point-of-sale 14.1
oracle retail_predictive_application_server 14.0
oracle retail_predictive_application_server 14.1
oracle retail_predictive_application_server 15.0
oracle retail_predictive_application_server 16.0
oracle retail_returns_management 14.0
oracle retail_returns_management 14.1
oracle retail_xstore_point_of_service 7.1
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle tape_library_acsls 8.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD987888-3DB7-4BE3-A830-9F915F3C81DF",
              "versionEndExcluding": "4.3.15",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2CC334-AFF8-41D4-9FBD-88C8FF9DA406",
              "versionEndExcluding": "5.0.5",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22847CAE-3C2C-4C2E-9D2E-47DB4091442E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5A9AB-3DE0-4496-82E5-A2DB5CFDAA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E484D25-1753-42A1-9658-8E9CCE8E3568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEAFF40-B0C7-4B05-A655-B3F93055FBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF4C859-616D-44F9-BE76-589A4E6E8BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8CE753D-A090-47DE-8EF0-8FDE07576E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BAFB538-A395-4C4D-83F7-CD453C0DFB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0CA26F-41D3-433F-9C17-1A4F5066F184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27C4D75-3927-4D07-BE16-4204F641A453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A6CF77-09DF-43FD-833A-8DAAE016717A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07630491-0624-4C5C-A858-C5D3CDCD1B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CA11F-F718-43E5-ADB9-6C348C75E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "632E9828-907F-4F2C-81D5-A74A6DDA2748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "274999E6-18ED-46F0-8CF2-56374B3DF174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, as\u00ed como versiones m\u00e1s antiguas no soportadas, permite que las aplicaciones configuren Spring MVC para que sirva recursos est\u00e1ticos (por ejemplo, CSS, JS o im\u00e1genes). Cuando se sirven recursos est\u00e1ticos desde un sistema de archivos en Windows (en contraposici\u00f3n a classpath o a ServletContext), un usuario malicioso puede enviar una petici\u00f3n mediante una URL especialmente manipulada que puede llevar a un ataque de salto de directorio."
    }
  ],
  "id": "CVE-2018-1271",
  "lastModified": "2024-11-21T03:59:30.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-06T13:29:00.500",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103699"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1271"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.