var-201804-1673
Vulnerability from variot
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. NOTE: This issue is the result of an incomplete fix for the issue described in BID 103696 (Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability). Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: Red Hat OpenShift Application Runtimes security and bug fix update Advisory ID: RHSA-2018:1320-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2018:1320 Issue date: 2018-05-03 CVE Names: CVE-2018-1271 CVE-2018-1272 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305 =====================================================================
- Summary:
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
-
spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
-
tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
- References:
https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1272 https://access.redhat.com/security/cve/CVE-2018-1275 https://access.redhat.com/security/cve/CVE-2018-1304 https://access.redhat.com/security/cve/CVE-2018-1305 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.spring.boot&version=1.5.12 https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFa60G7XlSAg2UNWIIRApKzAKCZF1t3YH8mPwN6Q3TN9nAxp9mZHQCglRth c3tFEafC+xcftRfJKlS6jU4= =NRhi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1673", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tape library acsls", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "8.4" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "16.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "14.1" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "14.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "5.2" }, { "model": "retail order broker", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "5.1" }, { "model": "retail order broker", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "16.0" }, { "model": "retail order broker", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "15.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "6.0.1" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "17.12" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "16.2" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "15.2" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "11.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "11.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "10.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "10.0" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "10.2.1" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "10.1.1" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.3.2.1" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.3.1.1" }, { "model": "goldengate for big data", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "communications performance intelligence center", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "10.2.1" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "big data discovery", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "communications services gatekeeper", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "6.1.0.4.0" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "4.3.16" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0.3" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.1" }, { "model": "spring framework", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "5.0.5" }, { "model": "service architecture leveraging tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6.0.0" }, { "model": "communications converged application server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "7.0.0.1" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.1.0.1" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.0" }, { "model": "service architecture leveraging tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.2.0.0" }, { "model": "healthcare master person index", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "retail customer insights", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "communications diameter signaling router", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "8.3" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "5.0.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.3.0" }, { "model": "insurance calculation engine", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "spring framework", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "4.3.0" }, { "model": "health sciences information manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.9, "vendor": "pivotal", "version": "5.0.4" }, { "model": "spring framework", "scope": "eq", "trust": 0.9, "vendor": "pivotal", "version": "5.0.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.9, "vendor": "pivotal", "version": "5.0.2" }, { "model": "spring framework", "scope": "eq", "trust": 0.9, "vendor": "pivotal", "version": "5.0.1" }, { "model": "spring framework", "scope": "lt", "trust": 0.8, "vendor": "pivotal", "version": "4.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.8, "vendor": "pivotal", "version": "4.3.16" }, { "model": "spring framework", "scope": "lt", "trust": 0.8, "vendor": "pivotal", "version": "5.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.8, "vendor": "pivotal", "version": "5.0.5" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.3" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.1" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.4" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "4.3.2" }, { "model": "spring framework", "scope": "eq", "trust": 0.6, "vendor": "pivotal", "version": "5.0.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "5.0" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3.15" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3.14" }, { "model": "spring framework", "scope": "eq", "trust": 0.3, "vendor": "pivotal", "version": "4.3" }, { "model": "soa suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "soa suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "retail open commerce platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "insurance rules palette", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2.1.1" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.4" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "flexcube investor servicing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.0.4" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.1" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "communications service broker", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "communications online mediation controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "communications converged application server service controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "communications converged application server service controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "-6.1" }, { "model": "communications converged application server service controller", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "-6.0" }, { "model": "big data discovery", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6" }, { "model": "spring framework", "scope": "ne", "trust": 0.3, "vendor": "pivotal", "version": "5.0.5" }, { "model": "spring framework", "scope": "ne", "trust": 0.3, "vendor": "pivotal", "version": "4.3.16" }, { "model": "communications webrtc session controller", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "7.2" } ], "sources": [ { "db": "BID", "id": "103771" }, { "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "db": "NVD", "id": "CVE-2018-1275" }, { "db": "CNNVD", "id": "CNNVD-201804-563" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.5", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.16", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.0.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.0.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-1275" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "and 0c0c0f.,rwx, Christoph Dreis", "sources": [ { "db": "CNNVD", "id": "CNNVD-201804-563" } ], "trust": 0.6 }, "cve": "CVE-2018-1275", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-1275", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-122740", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-1275", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-1275", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201804-563", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-122740", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-1275", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-122740" }, { "db": "VULMON", "id": "CVE-2018-1275" }, { "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "db": "NVD", "id": "CVE-2018-1275" }, { "db": "CNNVD", "id": "CNNVD-201804-563" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. \nNOTE: This issue is the result of an incomplete fix for the issue described in BID 103696 (Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability). Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: Red Hat OpenShift Application Runtimes security and bug fix update\nAdvisory ID: RHSA-2018:1320-01\nProduct: Red Hat OpenShift Application Runtimes\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:1320\nIssue date: 2018-05-03\nCVE Names: CVE-2018-1271 CVE-2018-1272 CVE-2018-1275 \n CVE-2018-1304 CVE-2018-1305 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat OpenShift Application Runtimes. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Openshift Application Runtimes provides an application platform\nthat reduces the complexity of developing and operating applications\n(monoliths and microservices) for OpenShift as a containerized platform. \n\nThis release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR\nSpring Boot 1.5.10, and includes bug fixes and enhancements. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tomcat: Incorrect handling of empty string URL in security constraints\ncan lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource\nexposure for unauthorised users (CVE-2018-1305)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users\n1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-1271\nhttps://access.redhat.com/security/cve/CVE-2018-1272\nhttps://access.redhat.com/security/cve/CVE-2018-1275\nhttps://access.redhat.com/security/cve/CVE-2018-1304\nhttps://access.redhat.com/security/cve/CVE-2018-1305\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=1.5.12\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFa60G7XlSAg2UNWIIRApKzAKCZF1t3YH8mPwN6Q3TN9nAxp9mZHQCglRth\nc3tFEafC+xcftRfJKlS6jU4=\n=NRhi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-1275" }, { "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "db": "BID", "id": "103771" }, { "db": "VULHUB", "id": "VHN-122740" }, { "db": "VULMON", "id": "CVE-2018-1275" }, { "db": "PACKETSTORM", "id": "149847" }, { "db": "PACKETSTORM", "id": "147489" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1275", "trust": 3.1 }, { "db": "BID", "id": "103771", "trust": 2.1 }, { "db": "SECTRACK", "id": "1041301", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2018-003100", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201804-563", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-122740", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-1275", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "149847", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147489", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-122740" }, { "db": "VULMON", "id": "CVE-2018-1275" }, { "db": "BID", "id": "103771" }, { "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "db": "PACKETSTORM", "id": "149847" }, { "db": "PACKETSTORM", "id": "147489" }, { "db": "NVD", "id": "CVE-2018-1275" }, { "db": "CNNVD", "id": "CNNVD-201804-563" } ] }, "id": "VAR-201804-1673", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-122740" } ], "trust": 0.01 }, "last_update_date": "2023-12-25T23:13:07.482000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-1275: Address partial fix for CVE-2018-1270", "trust": 0.8, "url": "https://pivotal.io/security/cve-2018-1275" }, { "title": "Pivotal Spring Framework Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83325" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2019/01/18/new_oracle_bugs/" }, { "title": "Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182939 - security advisory" }, { "title": "Red Hat: CVE-2018-1275", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1275" }, { "title": "Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cf592ea3b0a1913a29c923afe44cd4b7" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37" }, { "title": "PPPRASP\n0x00 Start\n0x01 \u57fa\u672c\u6f0f\u6d1e\u68c0\u6d4b\u7c7b\u578b ing\n0x02 CVE\u6f0f\u6d1e\u68c0\u6d4b", "trust": 0.1, "url": "https://github.com/whoopsunix/ppprasp " }, { "title": "https://github.com/bkhablenko/CVE-2017-8046", "trust": 0.1, "url": "https://github.com/bkhablenko/cve-2017-8046 " }, { "title": "gocarts(go-CERT-alerts-summarizer)\nAbstract\nMain features\nUsage\nFetch JPCERT\nFetch USCERT\nSearch mode\nOutput Mode\nLicense\nAuthor", "trust": 0.1, "url": "https://github.com/tomoyamachi/gocarts " }, { "title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring", "trust": 0.1, "url": "https://github.com/ilmari666/cybsec " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/lnick2023/nicenice " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/qazbnm456/awesome-cve-poc " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-1275" }, { "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "db": "CNNVD", "id": "CNNVD-201804-563" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.0 }, { "problemtype": "CWE-358", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-122740" }, { "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "db": "NVD", "id": "CVE-2018-1275" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.securityfocus.com/bid/103771" }, { "trust": 2.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 2.1, "url": "https://pivotal.io/security/cve-2018-1275" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 2.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:1320" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2939" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1041301" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1275" }, { "trust": 0.9, "url": "http://pivotal.io/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1275" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1305" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1304" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1271" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1304" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1275" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1305" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/94.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/whoopsunix/ppprasp" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-12617" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1260" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-7489" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1270" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1270" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/3060411" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.spring.boot\u0026version=1.5.12" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1272" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1272" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" } ], "sources": [ { "db": "VULHUB", "id": "VHN-122740" }, { "db": "VULMON", "id": "CVE-2018-1275" }, { "db": "BID", "id": "103771" }, { "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "db": "PACKETSTORM", "id": "149847" }, { "db": "PACKETSTORM", "id": "147489" }, { "db": "NVD", "id": "CVE-2018-1275" }, { "db": "CNNVD", "id": "CNNVD-201804-563" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-122740" }, { "db": "VULMON", "id": "CVE-2018-1275" }, { "db": "BID", "id": "103771" }, { "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "db": "PACKETSTORM", "id": "149847" }, { "db": "PACKETSTORM", "id": "147489" }, { "db": "NVD", "id": "CVE-2018-1275" }, { "db": "CNNVD", "id": "CNNVD-201804-563" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-04-11T00:00:00", "db": "VULHUB", "id": "VHN-122740" }, { "date": "2018-04-11T00:00:00", "db": "VULMON", "id": "CVE-2018-1275" }, { "date": "2018-04-13T00:00:00", "db": "BID", "id": "103771" }, { "date": "2018-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "date": "2018-10-18T03:51:21", "db": "PACKETSTORM", "id": "149847" }, { "date": "2018-05-04T01:11:44", "db": "PACKETSTORM", "id": "147489" }, { "date": "2018-04-11T13:29:00.353000", "db": "NVD", "id": "CVE-2018-1275" }, { "date": "2018-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201804-563" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-122740" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-1275" }, { "date": "2019-07-17T07:00:00", "db": "BID", "id": "103771" }, { "date": "2018-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-003100" }, { "date": "2023-11-07T02:55:54.387000", "db": "NVD", "id": "CVE-2018-1275" }, { "date": "2021-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201804-563" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201804-563" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Spring Framework Vulnerabilities related to security checks", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-003100" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201804-563" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.