Vulnerability Details : CVE-2018-1272
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
Vulnerability category: Gain privilege
Products affected by CVE-2018-1272
- cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1272
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1272
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
References for CVE-2018-1272
-
https://access.redhat.com/errata/RHSA-2018:1320
RHSA-2018:1320 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CPU Oct 2018Patch;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020Patch;Third Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Oracle Critical Patch Update - July 2019Patch;Third Party Advisory
-
https://pivotal.io/security/cve-2018-1272
CVE-2018-1272: Multipart Content Pollution with Spring Framework | Security | PivotalVendor Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Oracle Critical Patch Update - January 2019Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2669
RHSA-2018:2669 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.oracle.com/security-alerts/cpuoct2021.html
Oracle Critical Patch Update Advisory - October 2021Patch;Third Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/103697
Pivotal Spring Framework CVE-2018-1272 Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to