Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2018-1275

Disclosure Date: April 11, 2018
CVE-2018-1275 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Spring Framework Versions prior to 5.0.5 and 4.3.16
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • oracle,
  • vmware

Products

  • application testing suite 12.5.0.3,
  • application testing suite 13.1.0.1,
  • application testing suite 13.2.0.1,
  • application testing suite 13.3.0.1,
  • big data discovery 1.6.0,
  • communications converged application server,
  • communications diameter signaling router,
  • communications performance intelligence center,
  • communications services gatekeeper,
  • goldengate for big data 12.2.0.1,
  • goldengate for big data 12.3.1.1,
  • goldengate for big data 12.3.2.1,
  • health sciences information manager 3.0,
  • healthcare master person index 3.0,
  • healthcare master person index 4.0,
  • insurance calculation engine 10.1.1,
  • insurance calculation engine 10.2,
  • insurance calculation engine 10.2.1,
  • insurance rules palette 10.0,
  • insurance rules palette 10.1,
  • insurance rules palette 10.2,
  • insurance rules palette 11.0,
  • insurance rules palette 11.1,
  • primavera gateway 15.2,
  • primavera gateway 16.2,
  • primavera gateway 17.12,
  • retail customer insights 15.0,
  • retail customer insights 16.0,
  • retail open commerce platform 5.3.0,
  • retail open commerce platform 6.0.0,
  • retail open commerce platform 6.0.1,
  • retail order broker 15.0,
  • retail order broker 16.0,
  • retail order broker 5.1,
  • retail order broker 5.2,
  • retail predictive application server 14.0,
  • retail predictive application server 14.1,
  • retail predictive application server 15.0,
  • retail predictive application server 16.0,
  • service architecture leveraging tuxedo 12.1.3.0.0,
  • service architecture leveraging tuxedo 12.2.2.0.0,
  • spring framework,
  • tape library acsls 8.4

References

Canonical
CVE-2018-1275 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1275)
BID-103771 (http://www.securityfocus.com/bid/103771)
Advisory
SECTRACK-1041301 (http://www.securitytracker.com/id/1041301)
https://access.redhat.com/errata/RHSA-2018:2939
https://access.redhat.com/errata/RHSA-2018:1320
[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) (https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E)
[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar (https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E)
[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar (https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://pivotal.io/security/cve-2018-1275
Miscellaneous
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis