Vulnerability Description
Spring Framework versions 5.0 prior to 5.0.5, versions 4.3 prior to 4.3.16, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints backed by the simple, in-memory STOMP broker provided by the spring-messaging module. An attacker who can reach such an endpoint can craft a message to the broker that leads to remote code execution. This CVE covers the incomplete fix for CVE-2018-1270 in the 4.3.x branch; the affected range for that branch is 4.3.0 up to, but not including, 4.3.16.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Spring Framework | >= 4.3.0, < 4.3.16 |
| Oracle | Application Testing Suite | 12.5.0.3 |
| Oracle | Big Data Discovery | 1.6.0 |
| Oracle | Communications Converged Application Server | < 7.0.0.1 |
| Oracle | Communications Diameter Signaling Router | < 8.3 |
| Oracle | Communications Performance Intelligence Center | < 10.2.1 |
| Oracle | Communications Services Gatekeeper | < 6.1.0.4.0 |
| Oracle | Goldengate For Big Data | 12.2.0.1 |
| Oracle | Health Sciences Information Manager | 3.0 |
| Oracle | Healthcare Master Person Index | 3.0 |
| Oracle | Insurance Calculation Engine | 10.1.1 |
| Oracle | Insurance Rules Palette | 10.0 |
| Oracle | Primavera Gateway | 15.2 |
| Oracle | Retail Customer Insights | 15.0 |
| Oracle | Retail Open Commerce Platform | 5.3.0 |
| Oracle | Retail Order Broker | 5.1 |
| Oracle | Retail Predictive Application Server | 14.0 |
| Oracle | Service Architecture Leveraging Tuxedo | 12.1.3.0.0 |
| Oracle | Tape Library Acsls | 8.4 |
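The first question a practitioner has for an advisory like this is whether a deployed application ships an affected spring-messaging or spring-websocket build. The following is an added example, not code from the page or from the Spring project: it encodes the affected ranges stated in the description above (everything below 4.3.16, plus 5.0.0 through 5.0.4; note that the product table lists only the 4.3.x range for this CVE) and scans a library directory, reading the version from each jar's MANIFEST.MF and falling back to the version embedded in the file name. The jars it scans in the demo are constructed stand-ins containing only a manifest, not real Spring artifacts; the artifact-name prefixes and the `Implementation-Version` manifest key are assumptions about how the jars are labelled.

```python
"""Check Spring Framework jar versions against the CVE-2018-1275 affected ranges."""
import re
import tempfile
import zipfile
from pathlib import Path

# Affected ranges taken from the advisory text: 4.3 before 4.3.16 together with
# "older unsupported versions" (i.e. anything below 4.3.16), and 5.0 before 5.0.5.
FIXED_4X = (4, 3, 16)
FIXED_50 = (5, 0, 5)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Assumed artifact name prefixes worth checking; spring-messaging hosts the broker.
SPRING_ARTIFACTS = ("spring-messaging", "spring-websocket", "spring-core")


def parse_version(text):
    """Extract the numeric (major, minor, patch) triple from a Spring version
    string such as '4.3.15.RELEASE' or '5.0.4.RELEASE'. Qualifiers are ignored;
    returns None when no triple is present."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version):
    """True when a Spring Framework version falls inside the affected ranges."""
    v = parse_version(version) if isinstance(version, str) else version
    if v is None:
        raise ValueError(f"unparseable version: {version!r}")
    if v < FIXED_4X:
        return True  # 4.3.0 to 4.3.15 and every older line
    if v[:2] == (5, 0) and v < FIXED_50:
        return True  # 5.0.0 to 5.0.4
    return False


def jar_version(path):
    """Read Implementation-Version from META-INF/MANIFEST.MF; if absent, fall back
    to the file name, which conventionally carries the version (assumption)."""
    with zipfile.ZipFile(path) as zf:
        try:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            manifest = ""
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return Path(path).stem


def scan_lib_dir(lib_dir):
    """Return {jar_name: (version_string, affected)} for Spring jars in lib_dir."""
    results = {}
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        if not jar.name.startswith(SPRING_ARTIFACTS):
            continue
        ver = jar_version(jar)
        results[jar.name] = (ver, is_affected(ver))
    return results


def build_sample_lib(lib_dir):
    """Write constructed manifest-only jars into lib_dir for an offline demo.
    These are stand-ins with Spring-style names, not real Spring artifacts."""
    samples = {
        "spring-messaging-4.3.15.RELEASE.jar": "4.3.15.RELEASE",   # last affected 4.3.x
        "spring-messaging-4.3.16.RELEASE.jar": "4.3.16.RELEASE",   # first fixed 4.3.x
        "spring-websocket-5.0.4.RELEASE.jar": "5.0.4.RELEASE",     # affected 5.0.x
        "spring-websocket-5.0.5.RELEASE.jar": None,                # no manifest version
        "jackson-databind-2.9.5.jar": "2.9.5",                     # not Spring, skipped
    }
    for name, impl in samples.items():
        with zipfile.ZipFile(Path(lib_dir) / name, "w") as zf:
            manifest = "Manifest-Version: 1.0\n"
            if impl:
                manifest += f"Implementation-Version: {impl}\n"
            zf.writestr("META-INF/MANIFEST.MF", manifest)


def demo():
    """Build the constructed sample directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_lib(d)
        return scan_lib_dir(d)


if __name__ == "__main__":
    for name, (ver, bad) in demo().items():
        print(f"{'AFFECTED' if bad else 'ok      '}  {name}  ({ver})")
```

Point `scan_lib_dir` at a WAR's `WEB-INF/lib` or an application's `lib/` directory. Qualifiers such as `BUILD-SNAPSHOT` are deliberately ignored, so a 4.3.16 snapshot built before the fix landed would be reported as fixed; treat snapshot builds as unknown and confirm against the actual commit.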
Related Weaknesses (CWE)
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (Patch, Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (Patch, Third Party Advisory)
- http://www.securityfocus.com/bid/103771 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041301 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:1320 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2939 (Third Party Advisory)
- https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc1212465
- https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b
- https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9
- https://pivotal.io/security/cve-2018-1275 (Vendor Advisory)
- https://www.oracle.com/security-alerts/cpujul2020.html (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (Patch, Third Party Advisory)
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (Patch, Third Party Advisory)
FAQ
What is CVE-2018-1275?
CVE-2018-1275 is a remote code execution vulnerability with a CVSS base score of 9.8 (CRITICAL) in the spring-messaging module of Spring Framework. Applications that expose STOMP over WebSocket endpoints backed by the simple, in-memory STOMP broker can be attacked by a crafted message to the broker. It covers the incomplete fix for CVE-2018-1270 in the 4.3.x branch; see the Vulnerability Description above for the full affected ranges.
How severe is CVE-2018-1275?
CVE-2018-1275 has been rated CRITICAL with a CVSS base score of 9.8/10. Because the outcome is remote code execution on any application exposing the simple broker, it requires immediate attention.
Is there a patch for CVE-2018-1275?
Yes. Based on the affected ranges above, upgrade Spring Framework to 4.3.16 or later on the 4.3.x branch, or to 5.0.5 or later on the 5.0.x branch; the Pivotal vendor advisory in the references section is the authoritative source. For bundled products, apply the vendor's update: affected products include VMware Spring Framework, Oracle Application Testing Suite, Oracle Big Data Discovery, Oracle Communications Converged Application Server, and Oracle Communications Diameter Signaling Router, with fixes tracked in the Oracle Critical Patch Update advisories and Red Hat errata listed in the references.