Attacker Value
Unknown
CVE-2018-1271
CVE-2018-1271
(Last updated November 26, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
5.9 Medium
Impact Score:
3.6
Exploitability Score:
2.2
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None
General Information
Products
- application testing suite 12.5.0.3
- application testing suite 13.1.0.1
- application testing suite 13.2.0.1
- application testing suite 13.3.0.1
- big data discovery 1.6.0
- communications converged application server
- communications diameter signaling router
- communications performance intelligence center
- communications policy management 12.5.0
- communications services gatekeeper
- enterprise manager ops center 12.2.2
- enterprise manager ops center 12.3.3
- goldengate for big data 12.2.0.1
- goldengate for big data 12.3.1.1
- goldengate for big data 12.3.2.1
- health sciences information manager 3.0
- healthcare master person index 3.0
- healthcare master person index 4.0
- insurance calculation engine
- insurance calculation engine 10.1.1
- insurance calculation engine 10.2
- insurance calculation engine 10.2.1
- insurance rules palette 10.0
- insurance rules palette 10.1
- insurance rules palette 10.2
- insurance rules palette 11.0
- insurance rules palette 11.1
- primavera gateway 15.2
- primavera gateway 16.2
- primavera gateway 17.12
- rapid planning 12.1
- rapid planning 12.2
- retail back office 14.0
- retail back office 14.1
- retail central office 14.0
- retail central office 14.1
- retail customer insights 15.0
- retail customer insights 16.0
- retail integration bus 14.0.1
- retail integration bus 14.0.2
- retail integration bus 14.0.3
- retail integration bus 14.0.4
- retail integration bus 14.1.1
- retail integration bus 14.1.2
- retail integration bus 14.1.3
- retail integration bus 15.0.0.1
- retail integration bus 15.0.1
- retail integration bus 15.0.2
- retail integration bus 16.0
- retail integration bus 16.0.1
- retail integration bus 16.0.2
- retail open commerce platform 5.3.0
- retail open commerce platform 6.0.0
- retail open commerce platform 6.0.1
- retail order broker 15.0
- retail order broker 16.0
- retail order broker 5.1
- retail order broker 5.2
- retail point of sale 14.0
- retail point of sale 14.1
- retail predictive application server 14.0
- retail predictive application server 14.1
- retail predictive application server 15.0
- retail predictive application server 16.0
- retail returns management 14.0
- retail returns management 14.1
- retail xstore point of service 7.1
- service architecture leveraging tuxedo 12.1.3.0.0
- service architecture leveraging tuxedo 12.2.2.0.0
- spring framework
- tape library acsls 8.4
References
Advisory
