var-201804-1676
Vulnerability from variot

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal Spring Framework is prone to remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update Advisory ID: RHSA-2018:2939-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:2939 Issue date: 2018-10-17 CVE Names: CVE-2017-12617 CVE-2018-1260 CVE-2018-1270 CVE-2018-1271 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-7489 ==================================================================== 1. Summary:

An update is now available for Red Hat Fuse Integration Services.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Description:

Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift.

Security fix(es):

  • jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)

  • spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)

  • spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)

  • spring-framework: Possible RCE via spring messaging (CVE-2018-1270)

  • spring-security-oauth: remote code execution in the authorization process (CVE-2018-1260)

  • tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)

  • tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)

  • tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)

  • tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Updating instructions and release notes may be found at:

https://access.redhat.com/articles/3060411

  1. Bugs fixed (https://bugzilla.redhat.com/):

1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries 1564405 - CVE-2018-1270 spring-framework: Possible RCE via spring messaging 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems 1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS

  1. References:

https://access.redhat.com/security/cve/CVE-2017-12617 https://access.redhat.com/security/cve/CVE-2018-1260 https://access.redhat.com/security/cve/CVE-2018-1270 https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1275 https://access.redhat.com/security/cve/CVE-2018-1304 https://access.redhat.com/security/cve/CVE-2018-1305 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-7489 https://access.redhat.com/security/updates/classification/#critical

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBW8eNhdzjgjWX9erEAQgCYw//fxaqJeQ2VPWVSwfYTALj1Lvjrx0bTnip T8MKlgYC4PSKZcOmchvC3f01kNljr1CEJaUQWQi1A+is141gjHgV2nFMSGTUBwBK yGSPLD0oLDJWc/7y7qWMxrotEWjROKIQ72AXwjOtcEeSe9vzSmWotexKR0JYUdgw 8GAMlBhyiQagOncOP3JkWnUkTdNryhY9f5tfX7xfXcDDoxjq4rAVqLrCrWZvr4ec P89vACj8PonE+U5DvFrWWH9nKxGcdvnm0ouib/XFB8GJ/jHhRgBsk/CFpDoEEng5 rzFmbt7fm1OKfgFhRCyrxsVQVUbk0d1ATs+Lpu7Ty3fGysW2bN860Hi+20RSWyow ybjLNU9xSHUG9623XTyyVYgRIox991zpHCHsDWwjsV1NxfjdYlJfHGtuHKNeVQzf h71cHuC7o7VhxZFhMFHjp+O71Ow5N6HcrZAtmKrihfhHRVFugXkvFGRl55gqb4rr Y6/dX/H1abVCNGA5kziXQnO0ce/dAdUZ2mb8XRs3UVgt0MIVD1zisE9d52fsRkr/ NygTi1xn4Pmodoth3C209aA4Iaycixmx4F8HoXSTPNUCYrr0FIjBpDJX35TeTcxg /RU/vyHwdAwz/5aJgFDFxILd4z8a9bIpYGMglMU1rB5y/ovuBB4qUU/o4y8aVYzh bunfRFjDlIY=l0NF -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1676",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.3"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "goldengate for big data",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.2.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.2"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "17.12"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.1"
      },
      {
        "model": "retail back office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.2"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.3"
      },
      {
        "model": "communications performance intelligence center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.2"
      },
      {
        "model": "retail central office",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "tape library acsls",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.1"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.2.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.1"
      },
      {
        "model": "big data discovery",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.6.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.2"
      },
      {
        "model": "communications services gatekeeper",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.1.0.4.0"
      },
      {
        "model": "retail open commerce platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.0.1"
      },
      {
        "model": "retail xstore point of service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "spring framework",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "4.3.16"
      },
      {
        "model": "retail customer insights",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "application testing suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.5.0.3"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "application testing suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.2.0.1"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "spring framework",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.0.5"
      },
      {
        "model": "service architecture leveraging tuxedo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.1.3.0.0"
      },
      {
        "model": "retail open commerce platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6.0.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1.3"
      },
      {
        "model": "retail point-of-sale",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "communications converged application server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.0.0.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "application testing suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.1.0.1"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "retail point-of-sale",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.0"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "retail predictive application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "goldengate for big data",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.3.1.1"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.4"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.2"
      },
      {
        "model": "fuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0.0"
      },
      {
        "model": "service architecture leveraging tuxedo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.2.0.0"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0.1"
      },
      {
        "model": "insurance rules palette",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "healthcare master person index",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "goldengate for big data",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.0.1"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0.0.1"
      },
      {
        "model": "retail returns management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "application testing suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "13.3.0.1"
      },
      {
        "model": "retail customer insights",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "16.0"
      },
      {
        "model": "communications diameter signaling router",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "spring framework",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "vmware",
        "version": "5.0.0"
      },
      {
        "model": "retail order broker",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.0"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.1.1"
      },
      {
        "model": "primavera gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "retail open commerce platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.3.0"
      },
      {
        "model": "insurance calculation engine",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10.2"
      },
      {
        "model": "retail integration bus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "14.0.1"
      },
      {
        "model": "health sciences information manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "pivotal",
        "version": "5.0.4"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "pivotal",
        "version": "5.0.3"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "pivotal",
        "version": "5.0.2"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "pivotal",
        "version": "5.0.1"
      },
      {
        "model": "spring framework",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "4.3"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "4.3.15"
      },
      {
        "model": "spring framework",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "5.0"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "5.0.5"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "4.3.3"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "4.3.1"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "4.3.4"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "4.3.0"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "4.3.2"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "4.2.9"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "5.0"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "4.3.14"
      },
      {
        "model": "spring framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "4.3"
      },
      {
        "model": "spring framework",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "5.0.5"
      },
      {
        "model": "spring framework",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "4.3.15"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.16",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.5",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.0.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1270"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alvaro Munoz (@pwntester) Micro Focus Fortify.",
    "sources": [
      {
        "db": "BID",
        "id": "103696"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1270",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1270",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-122685",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1270",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1270",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-245",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122685",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1270",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122685"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal Spring Framework is prone to remote code-execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update\nAdvisory ID:       RHSA-2018:2939-01\nProduct:           Red Hat JBoss Fuse\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:2939\nIssue date:        2018-10-17\nCVE Names:         CVE-2017-12617 CVE-2018-1260 CVE-2018-1270\n                   CVE-2018-1271 CVE-2018-1275 CVE-2018-1304\n                   CVE-2018-1305 CVE-2018-1336 CVE-2018-7489\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Fuse Integration Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Fuse Integration Services provides a set of tools and containerized\nxPaaS images that enable development, deployment, and management of\nintegration microservices within OpenShift. \n\nSecurity fix(es):\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe\nserialization via c3p0 libraries (CVE-2018-7489)\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* spring-framework: Possible RCE via spring messaging (CVE-2018-1270)\n\n* spring-security-oauth: remote code execution in the authorization process\n(CVE-2018-1260)\n\n* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)\n\n* tomcat: Incorrect handling of empty string URL in security constraints\ncan lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource\nexposure for unauthorised users (CVE-2018-1305)\n\n* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nUpdating instructions and release notes may be found at:\n\nhttps://access.redhat.com/articles/3060411\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users\n1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources\n1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries\n1564405 - CVE-2018-1270 spring-framework: Possible RCE via spring messaging\n1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process\n1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-12617\nhttps://access.redhat.com/security/cve/CVE-2018-1260\nhttps://access.redhat.com/security/cve/CVE-2018-1270\nhttps://access.redhat.com/security/cve/CVE-2018-1271\nhttps://access.redhat.com/security/cve/CVE-2018-1275\nhttps://access.redhat.com/security/cve/CVE-2018-1304\nhttps://access.redhat.com/security/cve/CVE-2018-1305\nhttps://access.redhat.com/security/cve/CVE-2018-1336\nhttps://access.redhat.com/security/cve/CVE-2018-7489\nhttps://access.redhat.com/security/updates/classification/#critical\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW8eNhdzjgjWX9erEAQgCYw//fxaqJeQ2VPWVSwfYTALj1Lvjrx0bTnip\nT8MKlgYC4PSKZcOmchvC3f01kNljr1CEJaUQWQi1A+is141gjHgV2nFMSGTUBwBK\nyGSPLD0oLDJWc/7y7qWMxrotEWjROKIQ72AXwjOtcEeSe9vzSmWotexKR0JYUdgw\n8GAMlBhyiQagOncOP3JkWnUkTdNryhY9f5tfX7xfXcDDoxjq4rAVqLrCrWZvr4ec\nP89vACj8PonE+U5DvFrWWH9nKxGcdvnm0ouib/XFB8GJ/jHhRgBsk/CFpDoEEng5\nrzFmbt7fm1OKfgFhRCyrxsVQVUbk0d1ATs+Lpu7Ty3fGysW2bN860Hi+20RSWyow\nybjLNU9xSHUG9623XTyyVYgRIox991zpHCHsDWwjsV1NxfjdYlJfHGtuHKNeVQzf\nh71cHuC7o7VhxZFhMFHjp+O71Ow5N6HcrZAtmKrihfhHRVFugXkvFGRl55gqb4rr\nY6/dX/H1abVCNGA5kziXQnO0ce/dAdUZ2mb8XRs3UVgt0MIVD1zisE9d52fsRkr/\nNygTi1xn4Pmodoth3C209aA4Iaycixmx4F8HoXSTPNUCYrr0FIjBpDJX35TeTcxg\n/RU/vyHwdAwz/5aJgFDFxILd4z8a9bIpYGMglMU1rB5y/ovuBB4qUU/o4y8aVYzh\nbunfRFjDlIY=l0NF\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "db": "BID",
        "id": "103696"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122685"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1270"
      },
      {
        "db": "PACKETSTORM",
        "id": "149847"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1270",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "103696",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "44796",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0544",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1395",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "147974",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-97214",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-122685",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1270",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149847",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122685"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1270"
      },
      {
        "db": "BID",
        "id": "103696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "db": "PACKETSTORM",
        "id": "149847"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ]
  },
  "id": "VAR-201804-1676",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122685"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-01-03T12:23:41.657000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-1270: Remote Code Execution with spring-messaging",
        "trust": 0.8,
        "url": "https://pivotal.io/security/cve-2018-1270"
      },
      {
        "title": "Pivotal Spring Framework Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83088"
      },
      {
        "title": "Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182939 - security advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cf592ea3b0a1913a29c923afe44cd4b7"
      },
      {
        "title": "Red Hat: CVE-2018-1270",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-1270"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
      },
      {
        "title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
      },
      {
        "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
      },
      {
        "title": "CVE-2018-1270",
        "trust": 0.1,
        "url": "https://github.com/venscor/cve-2018-1270 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1270"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-358",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122685"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1270"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/103696"
      },
      {
        "trust": 2.0,
        "url": "https://pivotal.io/security/cve-2018-1270"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2018:2939"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/44796/"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3cissues.activemq.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1270"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1270"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3cissues.activemq.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75922"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1395"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-1270"
      },
      {
        "trust": 0.3,
        "url": "http://pivotal.io/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564405"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-12617"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1260"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1336"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-7489"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1305"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1271"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1304"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-1275"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/3060411"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1275"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1305"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122685"
      },
      {
        "db": "BID",
        "id": "103696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "db": "PACKETSTORM",
        "id": "149847"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122685"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1270"
      },
      {
        "db": "BID",
        "id": "103696"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "db": "PACKETSTORM",
        "id": "149847"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122685"
      },
      {
        "date": "2018-04-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1270"
      },
      {
        "date": "2018-04-05T00:00:00",
        "db": "BID",
        "id": "103696"
      },
      {
        "date": "2018-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "date": "2018-10-18T03:51:21",
        "db": "PACKETSTORM",
        "id": "149847"
      },
      {
        "date": "2018-04-06T13:29:00.453000",
        "db": "NVD",
        "id": "CVE-2018-1270"
      },
      {
        "date": "2018-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122685"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1270"
      },
      {
        "date": "2018-04-05T00:00:00",
        "db": "BID",
        "id": "103696"
      },
      {
        "date": "2018-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      },
      {
        "date": "2023-11-07T02:55:54.230000",
        "db": "NVD",
        "id": "CVE-2018-1270"
      },
      {
        "date": "2021-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Spring Framework Vulnerabilities related to security checks",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003097"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-245"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.