Check CVE Id
Check CWE Id
'Retail customer insights'
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Application server web cache
Corporate time outlook connector
Application server portal
Enterprise manager database control
Enterprise manager grid control
Database server lite
10g reports server
10g enterprise manager database control
Enterprise manager application server control
Peoplesoft enterprise customer relationship management
Application server discussion forum portlet
Peoplesoft enterprise portal
10g enterprise manager grid control
Collaboration suite 10g release 1
Peoplesoft enterprise tools
Rapid install web server
Peoplesoft enterprise human capital management
Peoplesoft enterprise peopletools
Secure enterprise search
Enterprise grid console server
Application server 9i
Application server 10g
E-business suite 11i
E-business suite 12
Peoplesoft hcm eperformance
Bea product suite
Webloic server component
Weblogic server component
Oracle portal component
Report manager component
Application object library
Enterprise manager 10g
Instance management component
Advanced replication component
Oracle application server
Mobile application server
Times ten client server component
Times ten in memory database
Times ten client server
Data pump component
Advanced queuing component
Oracle applications technology stack component
Core rdbms component
Hyperion bi plus component
Oracle http server component
Jd edwards enterpriseone
Peoplesoft peopletools component
Jd edwards enterpriseone ep
Timesten in-memory database
Enterprise manager grid control 10g
See all Products for Vendor
Back to Top