Vulnerability Description
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Spring Framework | < 4.3.16 |
| Oracle | Application Testing Suite | 12.5.0.3 |
| Oracle | Big Data Discovery | 1.6.0 |
| Oracle | Communications Converged Application Server | < 7.0.0.1 |
| Oracle | Communications Diameter Signaling Router | < 8.3 |
| Oracle | Communications Performance Intelligence Center | < 10.2.1 |
| Oracle | Communications Services Gatekeeper | < 6.1.0.4.0 |
| Oracle | Enterprise Manager Ops Center | 12.2.2 |
| Oracle | Goldengate For Big Data | 12.2.0.1 |
| Oracle | Health Sciences Information Manager | 3.0 |
| Oracle | Healthcare Master Person Index | 3.0 |
| Oracle | Insurance Calculation Engine | 10.1.1 |
| Oracle | Insurance Rules Palette | 10.0 |
| Oracle | Primavera Gateway | 15.2 |
| Oracle | Retail Back Office | 14.0 |
| Oracle | Retail Central Office | 14.0 |
| Oracle | Retail Customer Insights | 15.0 |
| Oracle | Retail Integration Bus | 14.0.1 |
| Oracle | Retail Open Commerce Platform | 5.3.0 |
| Oracle | Retail Order Broker | 5.1 |
Related Weaknesses (CWE)
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatchThird Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatchThird Party Advisory
- http://www.securityfocus.com/bid/103696Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
- https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc1212465
- https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458
- https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b
- https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741
- https://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlMailing ListThird Party Advisory
- https://pivotal.io/security/cve-2018-1270Vendor Advisory
- https://www.exploit-db.com/exploits/44796/Broken LinkThird Party AdvisoryVDB Entry
- https://www.oracle.com/security-alerts/cpujul2020.htmlPatchThird Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatchThird Party Advisory
FAQ
What is CVE-2018-1270?
CVE-2018-1270 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOM...
How severe is CVE-2018-1270?
CVE-2018-1270 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1270?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Framework, Oracle Application Testing Suite, Oracle Big Data Discovery, Oracle Communications Converged Application Server, Oracle Communications Diameter Signaling Router.