CVE-2018-1275 in Converged Application Server - Service Controller

Summary

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
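The only remediation the advisory offers is moving to a fixed release, so the first practical check is to locate spring-messaging in a dependency tree and compare its version with the ranges quoted above. The following script is an added example, not code from VulDB, Spring or Oracle; it encodes the fixed versions named in the summary (5.0.5 for the 5.0 branch, 4.3.16 for the 4.3 branch, no fix for branches older than 4.3), parses the `major.minor.patch[.qualifier]` form Spring artifacts use (for example `4.3.15.RELEASE`), and scans constructed `mvn dependency:tree` style output. Handling of Gradle's `-> resolved` notation and the conservative treatment of snapshot builds of the fixed patch level are the author's assumptions, not something the advisory states.

```python
import re
from typing import List, Tuple

# Fixed patch levels per branch, taken from the advisory text:
# 5.0.x is fixed in 5.0.5, 4.3.x in 4.3.16. Branches older than 4.3 are
# unsupported and listed as affected with no fix.
FIXED_PATCH = {
    (5, 0): 5,
    (4, 3): 16,
}

# Spring version strings: 4.3.15.RELEASE, 5.0.4.RELEASE, 5.0.5.BUILD-SNAPSHOT, 5.0.4
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]([A-Za-z0-9-]+))?$")

# Matches the spring-messaging coordinate in Maven ("group:artifact:jar:version:scope")
# and Gradle ("group:artifact:version") dependency tree output.
_DEP_RE = re.compile(r"org\.springframework:spring-messaging:(?:jar:)?([0-9][^\s:]*)")

# Gradle prints conflict resolution as "requested -> resolved"; the resolved
# version is the one that actually ships (assumption about the tool's format).
_RESOLVED_RE = re.compile(r"->\s*([0-9][^\s:]*)")


def parse_version(text: str) -> Tuple[int, int, int, str]:
    """Split a Spring version string into (major, minor, patch, qualifier)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Spring version string: {text!r}")
    major, minor, patch, qualifier = m.groups()
    return int(major), int(minor), int(patch), (qualifier or "RELEASE").upper()


def is_affected(version: str) -> bool:
    """True if the given Spring Framework version falls in the CVE-2018-1275 range."""
    major, minor, patch, qualifier = parse_version(version)
    branch = (major, minor)
    if branch not in FIXED_PATCH:
        # 5.1 and later are outside the affected range; anything before 4.3
        # is an unsupported branch the advisory lists as affected.
        return branch < (4, 3)
    fixed_patch = FIXED_PATCH[branch]
    if patch < fixed_patch:
        return True
    # Conservative assumption: a snapshot or milestone build of the fixed
    # patch level predates the GA fix, so treat it as affected too.
    return patch == fixed_patch and qualifier != "RELEASE"


def find_affected(tree_text: str) -> List[Tuple[str, bool]]:
    """Return (version, affected) for every spring-messaging line in a dependency tree."""
    results = []
    for line in tree_text.splitlines():
        m = _DEP_RE.search(line)
        if not m:
            continue
        version = m.group(1)
        resolved = _RESOLVED_RE.search(line)
        if resolved:
            version = resolved.group(1)
        results.append((version, is_affected(version)))
    return results


# Constructed sample of "mvn dependency:tree" output; not captured from a real build.
SAMPLE_TREE = """\
[INFO] com.example:chat-service:jar:1.0.0
[INFO] +- org.springframework:spring-websocket:jar:4.3.14.RELEASE:compile
[INFO] |  \\- org.springframework:spring-messaging:jar:4.3.14.RELEASE:compile
[INFO] +- org.springframework:spring-core:jar:4.3.14.RELEASE:compile
"""

if __name__ == "__main__":
    for version, affected in find_affected(SAMPLE_TREE):
        verdict = "AFFECTED (upgrade to 4.3.16 / 5.0.5 or later)" if affected else "not affected"
        print(f"spring-messaging {version}: {verdict}")
```

The version check is the part worth keeping: an application that never calls `enableSimpleBroker()` on its `MessageBrokerRegistry` does not expose the in-memory broker the summary describes, but a dependency scan is cheaper than auditing every WebSocket configuration class, and the upgrade is required either way.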


Reservation: 12/06/2017
Disclosure: 04/11/2018
Status: Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID | Vulnerability | CWE | Exploitability | Countermeasure | CVE
137878 | Oracle Converged Application Server - Service Controller (Spring) security check | 358 | Not defined | Official fix | CVE-2018-1275
129689 | Oracle Tape Library ACSLS Spring security check | 358 | Not defined | Official fix | CVE-2018-1275
129537 | Oracle Service Architecture Leveraging Tuxedo Spring security check | 358 | Not defined | Official fix | CVE-2018-1275
125604 | Oracle Retail Predictive Application Server RPAS Fusion Client security check | 358 | Not defined | Official fix | CVE-2018-1275
125603 | Oracle Retail Order Broker System Administration security check | 358 | Not defined | Official fix | CVE-2018-1275
125601 | Oracle Retail Open Commerce Platform Spring security check | 358 | Not defined | Official fix | CVE-2018-1275
125511 | Oracle Insurance Rules Palette security check | 358 | Not defined | Official fix | CVE-2018-1275
125509 | Oracle Insurance Calculation Engine security check | 358 | Not defined | Official fix | CVE-2018-1275
125426 | Oracle GoldenGate for Big Data Spring security check | 358 | Not defined | Official fix | CVE-2018-1275
125425 | Oracle Big Data Discovery Spring security check | 358 | Not defined | Official fix | CVE-2018-1275
125387 | Oracle Construction/Engineering Suite Primavera Gateway security check | 358 | Not defined | Official fix | CVE-2018-1275
121831 | Oracle Retail Returns Management Security security check | 358 | Not defined | Official fix | CVE-2018-1275
121829 | Oracle Retail Point-of-Service Infrastructure security check | 358 | Not defined | Official fix | CVE-2018-1275
121824 | Oracle Retail Central Office Security security check | 358 | Not defined | Official fix | CVE-2018-1275
121823 | Oracle Retail Back Office Security security check | 358 | Not defined | Official fix | CVE-2018-1275
121804 | Oracle PeopleSoft Enterprise FIN Install Security (Spring Framework) security check | 358 | Not defined | Official fix | CVE-2018-1275
121753 | Oracle Insurance Policy Administration Spring security check | 358 | Not defined | Official fix | CVE-2018-1275
121687 | Oracle WebLogic Server Sample Apps security check | 358 | Not defined | Official fix | CVE-2018-1275
121682 | Oracle Enterprise Repository Security security check | 358 | Not defined | Official fix | CVE-2018-1275
121628 | Oracle Financial Services Behavior Detection Platform Admin Tool security check | 358 | Not defined | Official fix | CVE-2018-1275
121627 | Oracle Financial Services Analytical Applications Infrastructure Inline Processing security check | 358 | Not defined | Official fix | CVE-2018-1275
121618 | Oracle Application Testing Suite Load Testing for Web Apps security check | 358 | Not defined | Official fix | CVE-2018-1275
121617 | Oracle Enterprise Manager Ops Center Networking security check | 358 | Not defined | Official fix | CVE-2018-1275
116116 | Spring Framework Incomplete Fix CVE-2018-1270 security check | 358 | Not defined | Official fix | CVE-2018-1275
