Vulnerability CVE-2018-1257


Published: 2018-05-11

Description:
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.

Type: CWE-20 (Improper Input Validation)

Vendor: Oracle
Product: Agile product lifecycle management
Version: 9.3.6; 9.3.5; 9.3.4; 9.3.3;
Product: Tape library acsls
Version: 8.4;
Product: Communications diameter signaling router
Version: 8.2; 8.1; 6.0;
Product: Communications unified inventory management
Version: 7.4.0; 7.3.5; 7.3.4; 7.3.2;
Product: Retail open commerce platform
Version: 6.0.1; 6.0.0; 5.3.0;
Product: Retail order broker
Version: 5.2; 5.1; 16.0; 15.0;
Product: Hospitality guest access
Version: 4.2.1; 4.2.0;
Product: Healthcare master person index
Version: 4.0; 3.0;
Product: Endeca information discovery integrator
Version: 3.2.0; 3.1.0;
Product: Health sciences information manager
Version: 3.0;
Product: Flexcube private banking
Version: 2.2.0.1; 2.0.0.0; 12.1.0.0; 12.0.3.0; 12.0.1.0;
Product: Primavera gateway
Version: 17.12; 16.2; 15.2;
Product: Retail customer insights
Version: 16.0; 15.0;
Product: Retail predictive application server
Version: 16.0; 15.0; 14.1; 14.0;
Product: Application testing suite
Version: 13.3.0.1; 13.2.0.1; 13.1.0.1; 12.5.0.3;
Product: Enterprise manager base platform
Version: 13.3.0.0.0; 13.2.0.0.0; 12.1.0.5.0;
Product: Enterprise manager for mysql database
Version: 13.2;
Product: Enterprise manager ops center
Version: 12.3.3;
Product: Goldengate for big data
Version: 12.3.2.1; 12.3.1.1; 12.2.0.1;
Product: Service architecture leveraging tuxedo
Version: 12.2.2.0.0; 12.1.3.0.0;
Product: Weblogic server
Version: 12.2.1.3.0; 12.1.3.0.0; 10.3.6.0.0;
Product: Insurance rules palette
Version: 11.1; 11.0; 10.2; 10.1; 10.0;
Product: Insurance calculation engine
Version: 10.2.1; 10.2; 10.1.1;
Product: Big data discovery
Version: 1.6.0;
Product: Utilities network management system
Version: 1.12.0.3;
Vendor: Pivotal software
Product: Spring framework
Version: 5.0.5; 5.0.4; 5.0.3; 5.0.2; 5.0.1; 5.0.0; 4.3.16; 4.3.15; 4.3.14; 4.3.13; 4.3.12; 4.3.11; 4.3.10; 4.3.9; 4.3.8; 4.3.7; 4.3.6; 4.3.5; 4.3.4; 4.3.3; 4.3.2; 4.3.1; 4.3.0;
Vendor: Redhat
Product: Openshift

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

References:
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104260
https://access.redhat.com/errata/RHSA-2018:1809
https://access.redhat.com/errata/RHSA-2018:3768
https://pivotal.io/security/cve-2018-1257
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Related CVE
CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript...
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.28, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable se...
CVE-2019-6648
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by ...
CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.
CVE-2019-10140
A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c....
CVE-2019-10201
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified....
CVE-2019-10199
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.
CVE-2019-10176
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this t...

Copyright 2019, cxsecurity.com
