Vulnerability Description
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client and then uses that input to build a multipart request to another server (server B), it can be exposed to an attack in which an extra multipart is inserted into the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example if the part content represents a username or user roles.
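The description above is about a request body whose structure (part delimiters) is built from untrusted text. The following Python script is an added illustration of two defensive checks, not code from the Spring Framework or from the advisory: the sending side uses an unpredictable boundary and refuses any part value that contains a line break or the delimiter string, and the receiving side rejects a body that carries the same part name twice instead of silently picking one occurrence. The multipart builder/parser, the `user`/`role` part names and the sample values are all constructed for this example.

```python
"""Constructed multipart builder/parser showing defensive checks against
part injection (illustrative example, not Spring Framework code)."""
import re
import secrets

CRLF = "\r\n"
_NAME_RE = re.compile(r'\bname="([^"]*)"')


class UnsafePartValue(ValueError):
    """Untrusted text could terminate the current part or start a new one."""


class DuplicatePart(ValueError):
    """The body carries the same part name more than once."""


def generate_boundary() -> str:
    # Assumed mitigation: an unpredictable boundary, so input cannot be
    # prepared in advance to line up with the delimiter (32 hex characters).
    return secrets.token_hex(16)


def is_safe_part_value(value: str, boundary: str) -> bool:
    # A value carrying CR/LF or the delimiter could be read by the receiver
    # as the end of this part and the start of another one.
    delimiter = "--" + boundary
    return "\r" not in value and "\n" not in value and delimiter not in value


def build_multipart(parts, boundary: str) -> str:
    """Serialise (name, value) pairs as multipart/form-data, refusing any
    value that could alter the part structure of the body."""
    delimiter = "--" + boundary
    out = []
    for name, value in parts:
        if not is_safe_part_value(value, boundary):
            raise UnsafePartValue(f"part {name!r} contains CR/LF or the boundary")
        out.append(delimiter + CRLF)
        out.append(f'Content-Disposition: form-data; name="{name}"' + CRLF + CRLF)
        out.append(value + CRLF)
    out.append(delimiter + "--" + CRLF)
    return "".join(out)


def parse_multipart(body: str, boundary: str) -> dict:
    """Receiver-side parse that raises on a repeated part name instead of
    letting the first or last occurrence win silently."""
    delimiter = "--" + boundary
    # RFC 2046 delimiters are CRLF + "--" + boundary; prefixing one CRLF lets
    # the first delimiter be split off the same way as the others.
    chunks = (CRLF + body).split(CRLF + delimiter)
    result = {}
    for chunk in chunks[1:]:            # chunks[0] is the preamble
        if chunk.startswith("--"):      # closing delimiter "--boundary--"
            break
        headers, _, content = chunk.removeprefix(CRLF).partition(CRLF + CRLF)
        match = _NAME_RE.search(headers)
        if match is None:
            raise ValueError("part without a name")
        name = match.group(1)
        if name in result:
            raise DuplicatePart(name)
        result[name] = content
    return result


def demo() -> None:
    boundary = generate_boundary()
    body = build_multipart([("user", "alice"), ("role", "viewer")], boundary)
    print(parse_multipart(body, boundary))
    # Constructed value that would end the part early: refused before sending.
    tainted = "alice" + CRLF + "--" + boundary
    try:
        build_multipart([("user", tainted)], boundary)
    except UnsafePartValue as exc:
        print("rejected on send:", exc)
    # Same part name twice: the receiver refuses to choose one silently.
    dup = build_multipart([("role", "viewer"), ("role", "admin")], boundary)
    try:
        parse_multipart(dup, boundary)
    except DuplicatePart as exc:
        print("rejected on receive: duplicate part", exc)


if __name__ == "__main__":
    demo()
```

The sending-side check is the one that matters for the flaw described above (server A forwarding client input); the receiving-side duplicate check is defence in depth for server B, which should not quietly accept a second part with the name of a security-relevant field such as a role.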
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Spring Framework | >= 4.3.0, < 4.3.15 |
| Oracle | Application Testing Suite | 12.5.0.3 |
| Oracle | Big Data Discovery | 1.6.0 |
| Oracle | Communications Converged Application Server | < 7.0.0.1 |
| Oracle | Communications Diameter Signaling Router | < 8.3 |
| Oracle | Communications Performance Intelligence Center | < 10.2.1 |
| Oracle | Communications Services Gatekeeper | < 6.1.0.4.0 |
| Oracle | Enterprise Manager Ops Center | 12.2.2 |
| Oracle | Goldengate For Big Data | 12.2.0.1 |
| Oracle | Health Sciences Information Manager | 3.0 |
| Oracle | Healthcare Master Person Index | 3.0 |
| Oracle | Insurance Calculation Engine | 10.1.1 |
| Oracle | Insurance Rules Palette | 10.0 |
| Oracle | Primavera Gateway | 15.2 |
| Oracle | Retail Back Office | 14.0 |
| Oracle | Retail Central Office | 14.0 |
| Oracle | Retail Customer Insights | 15.0 |
| Oracle | Retail Integration Bus | 14.0.1 |
| Oracle | Retail Open Commerce Platform | 5.3.0 |
| Oracle | Retail Order Broker | 5.1 |
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (Patch, Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (Patch, Third Party Advisory)
- http://www.securityfocus.com/bid/103697 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:1320 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2669 (Third Party Advisory)
- https://pivotal.io/security/cve-2018-1272 (Vendor Advisory)
- https://www.oracle.com/security-alerts/cpujul2020.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (Patch, Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (Patch, Third Party Advisory)
FAQ
What is CVE-2018-1272?
CVE-2018-1272 is a vulnerability with a CVSS score of 7.5 (HIGH). Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux ser...
How severe is CVE-2018-1272?
CVE-2018-1272 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1272?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Spring Framework, Oracle Application Testing Suite, Oracle Big Data Discovery, Oracle Communications Converged Application Server, Oracle Communications Diameter Signaling Router.