Vulnerability Details: CVE-2018-1275
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
Vulnerability category: Execute code
Products affected by CVE-2018-1275
- cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1275
- 18.16%: probability of exploitation activity in the next 30 days
- ~96%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1275
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2018-1275
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: security_alert@emc.com (Primary)
- The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. Assigned by: nvd@nist.gov (Secondary)
References for CVE-2018-1275
- https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E
  Pony Mail! [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1320
  RHSA-2018:1320 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E
  [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) - Pony Mail [Mailing List; Third Party Advisory]
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  CPU Oct 2018 [Patch; Third Party Advisory]
- https://www.oracle.com/security-alerts/cpujul2020.html
  Oracle Critical Patch Update Advisory - July 2020 [Third Party Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  Oracle Critical Patch Update - July 2019 [Patch; Third Party Advisory]
- http://www.securityfocus.com/bid/103771
  Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability [Third Party Advisory; VDB Entry]
- https://pivotal.io/security/cve-2018-1275
  CVE-2018-1275: Address partial fix for CVE-2018-1270 | Security | Pivotal [Vendor Advisory]
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
  Oracle Critical Patch Update - January 2019 [Patch; Third Party Advisory]
- http://www.securitytracker.com/id/1041301
  Oracle WebLogic Server Bugs Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges - SecurityTracker [Third Party Advisory; VDB Entry]
- https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E
  Pony Mail! [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2939
  RHSA-2018:2939 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://www.oracle.com/security-alerts/cpuoct2021.html
  Oracle Critical Patch Update Advisory - October 2021 [Third Party Advisory]
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  CPU July 2018 [Patch; Third Party Advisory]