Vulnerability CVE-2018-1257


Published: 2018-05-11

Description:
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.

Type: CWE-20 (Improper Input Validation)

Vendor: Oracle
Product: Agile product lifecycle management 
Version:
9.3.6
9.3.5
9.3.4
9.3.3
Product: Tape library acsls 
Version: 8.4;
Product: Communications diameter signaling router 
Version:
8.2
8.1
6.0
Product: Communications unified inventory management 
Version:
7.4.0
7.3.5
7.3.4
7.3.2
Product: Retail open commerce platform 
Version:
6.0.1
6.0.0
5.3.0
Product: Retail order broker 
Version:
5.2
5.1
16.0
15.0
Product: Hospitality guest access 
Version: 4.2.1; 4.2.0;
Product: Healthcare master person index 
Version: 4.0; 3.0;
Product: Endeca information discovery integrator 
Version: 3.2.0; 3.1.0;
Product: Health sciences information manager 
Version: 3.0;
Product: Flexcube private banking 
Version:
2.2.0.1
2.0.0.0
12.1.0.0
12.0.3.0
12.0.1.0
Product: Primavera gateway 
Version:
17.12
16.2
15.2
Product: Retail customer insights 
Version: 16.0; 15.0;
Product: Retail predictive application server 
Version:
16.0
15.0
14.1
14.0
Product: Application testing suite 
Version:
13.3.0.1
13.2.0.1
13.1.0.1
12.5.0.3
Product: Enterprise manager base platform 
Version:
13.3.0.0.0
13.2.0.0.0
12.1.0.5.0
Product: Enterprise manager for mysql database 
Version: 13.2;
Product: Enterprise manager ops center 
Version: 12.3.3;
Product: Goldengate for big data 
Version:
12.3.2.1
12.3.1.1
12.2.0.1
Product: Service architecture leveraging tuxedo 
Version: 12.2.2.0.0; 12.1.3.0.0;
Product: Weblogic server 
Version:
12.2.1.3.0
12.1.3.0.0
10.3.6.0.0
Product: Insurance rules palette 
Version:
11.1
11.0
10.2
10.1
10.0
Product: Insurance calculation engine 
Version:
10.2.1
10.2
10.1.1
Product: Big data discovery 
Version: 1.6.0;
Product: Utilities network management system 
Version: 1.12.0.3;
Vendor: Pivotal software
Product: Spring framework 
Version:
5.0.5
5.0.4
5.0.3
5.0.2
5.0.1
5.0.0
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.16
4.3.15
4.3.14
4.3.13
4.3.12
4.3.11
4.3.10
4.3.1
4.3.0
Vendor: Redhat
Product: Openshift 

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

References:
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104260
https://access.redhat.com/errata/RHSA-2018:1809
https://access.redhat.com/errata/RHSA-2018:3768
https://pivotal.io/security/cve-2018-1257
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Related CVE
CVE-2019-14818
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM me...
CVE-2014-8167
vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack
CVE-2014-3655
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVE-2014-3592
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
CVE-2010-4664
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
CVE-2010-4661
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
CVE-2010-3857
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter.
CVE-2014-3599
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy

Copyright 2019, cxsecurity.com

 
