CVE-2018-1275
11.04.2018, 13:29
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_framework | 4.3.0 ≤ 𝑥 < 4.3.16 |
| vmware | spring_framework | 5.0.0 ≤ 𝑥 < 5.0.5 |
| oracle | application_testing_suite | 12.5.0.3 |
| oracle | application_testing_suite | 13.1.0.1 |
| oracle | application_testing_suite | 13.2.0.1 |
| oracle | application_testing_suite | 13.3.0.1 |
| oracle | big_data_discovery | 1.6.0 |
| oracle | communications_converged_application_server | 𝑥 < 7.0.0.1 |
| oracle | communications_diameter_signaling_router | 𝑥 < 8.3 |
| oracle | communications_performance_intelligence_center | 𝑥 < 10.2.1 |
| oracle | communications_services_gatekeeper | 𝑥 < 6.1.0.4.0 |
| oracle | goldengate_for_big_data | 12.2.0.1 |
| oracle | goldengate_for_big_data | 12.3.1.1 |
| oracle | goldengate_for_big_data | 12.3.2.1 |
| oracle | health_sciences_information_manager | 3.0 |
| oracle | healthcare_master_person_index | 3.0 |
| oracle | healthcare_master_person_index | 4.0 |
| oracle | insurance_calculation_engine | 10.1.1 |
| oracle | insurance_calculation_engine | 10.2 |
| oracle | insurance_calculation_engine | 10.2.1 |
| oracle | insurance_rules_palette | 10.0 |
| oracle | insurance_rules_palette | 10.1 |
| oracle | insurance_rules_palette | 10.2 |
| oracle | insurance_rules_palette | 11.0 |
| oracle | insurance_rules_palette | 11.1 |
| oracle | primavera_gateway | 15.2 |
| oracle | primavera_gateway | 16.2 |
| oracle | primavera_gateway | 17.12 |
| oracle | retail_customer_insights | 15.0 |
| oracle | retail_customer_insights | 16.0 |
| oracle | retail_open_commerce_platform | 5.3.0 |
| oracle | retail_open_commerce_platform | 6.0.0 |
| oracle | retail_open_commerce_platform | 6.0.1 |
| oracle | retail_order_broker | 5.1 |
| oracle | retail_order_broker | 5.2 |
| oracle | retail_order_broker | 15.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | retail_predictive_application_server | 14.0 |
| oracle | retail_predictive_application_server | 14.1 |
| oracle | retail_predictive_application_server | 15.0 |
| oracle | retail_predictive_application_server | 16.0 |
| oracle | service_architecture_leveraging_tuxedo | 12.1.3.0.0 |
| oracle | service_architecture_leveraging_tuxedo | 12.2.2.0.0 |
| oracle | tape_library_acsls | 8.4 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- CWE-358 - Improperly Implemented Security Check for StandardThe software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
References