CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Published : 2018-04-06 13:29 Updated : 2019-07-03 19:15

7.5

CVSS Score More info

Score 7.5 / 10

Access vector NETWORK

A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.

Access complexity LOW

Specialized access conditions or extenuating circumstances do not exist. The following are examples:

The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
The affected configuration is default or ubiquitous.
The attack can be performed manually and requires little skill or additional information gathering.
The race condition is a lazy one (i.e., it is technically a race but easily winnable).

Authentication NONE

Authentication is not required to exploit the vulnerability.

Confidentiality impact PARTIAL

There is considerable informational disclosure. Access to some system files is possible, but the attacker does not have control over what is obtained, or the scope of the loss is constrained. An example is a vulnerability that divulges only certain tables in a database.

Integrity impact PARTIAL

Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited. For example, system or application files may be overwritten or modified, but either the attacker has no control over which files are affected or the attacker can modify files within only a limited context or scope.

Availability impact PARTIAL

There is reduced performance or interruptions in resource availability. An example is a network-based flood attack that permits a limited number of successful connections to an Internet service.

CPE (99)
Tree view

Vendor	Product	Version	URI
Pivotal Software	Spring Framework	4.3.0	cpe:/a:pivotal_software:spring_framework:4.3.0
Pivotal Software	Spring Framework	4.3.1	cpe:/a:pivotal_software:spring_framework:4.3.1
Pivotal Software	Spring Framework	4.3.2	cpe:/a:pivotal_software:spring_framework:4.3.2
Pivotal Software	Spring Framework	4.3.3	cpe:/a:pivotal_software:spring_framework:4.3.3
Pivotal Software	Spring Framework	4.3.4	cpe:/a:pivotal_software:spring_framework:4.3.4
Pivotal Software	Spring Framework	4.2.9	cpe:/a:pivotal_software:spring_framework:4.2.9
Pivotal Software	Spring Framework	4.3.5	cpe:/a:pivotal_software:spring_framework:4.3.5
Pivotal Software	Spring Framework	4.3.6	cpe:/a:pivotal_software:spring_framework:4.3.6
Pivotal Software	Spring Framework	4.3.7	cpe:/a:pivotal_software:spring_framework:4.3.7
Pivotal Software	Spring Framework	4.3.8	cpe:/a:pivotal_software:spring_framework:4.3.8
Pivotal Software	Spring Framework	4.3.9	cpe:/a:pivotal_software:spring_framework:4.3.9
Pivotal Software	Spring Framework	4.3.10	cpe:/a:pivotal_software:spring_framework:4.3.10
Pivotal Software	Spring Framework	4.3.11	cpe:/a:pivotal_software:spring_framework:4.3.11
Pivotal Software	Spring Framework	4.3.12	cpe:/a:pivotal_software:spring_framework:4.3.12
Pivotal Software	Spring Framework	4.3.13	cpe:/a:pivotal_software:spring_framework:4.3.13
Pivotal Software	Spring Framework	4.3.14	cpe:/a:pivotal_software:spring_framework:4.3.14
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0
Pivotal Software	Spring Framework	5.0.1	cpe:/a:pivotal_software:spring_framework:5.0.1
Pivotal Software	Spring Framework	5.0.2	cpe:/a:pivotal_software:spring_framework:5.0.2
Pivotal Software	Spring Framework	5.0.3	cpe:/a:pivotal_software:spring_framework:5.0.3
Pivotal Software	Spring Framework	5.0.4	cpe:/a:pivotal_software:spring_framework:5.0.4
Oracle	Application Testing Suite	12.5.0.3	cpe:/a:oracle:application_testing_suite:12.5.0.3
Oracle	Application Testing Suite	13.1.0.1	cpe:/a:oracle:application_testing_suite:13.1.0.1
Oracle	Application Testing Suite	13.2.0.1	cpe:/a:oracle:application_testing_suite:13.2.0.1
Oracle	Application Testing Suite	13.3.0.1	cpe:/a:oracle:application_testing_suite:13.3.0.1
Oracle	Big Data Discovery	1.6.0	cpe:/a:oracle:big_data_discovery:1.6.0
Oracle	Communications Diameter Signaling Router	6.0	cpe:/a:oracle:communications_diameter_signaling_router:6.0
Oracle	Communications Diameter Signaling Router	8.1	cpe:/a:oracle:communications_diameter_signaling_router:8.1
Oracle	Communications Diameter Signaling Router	8.2	cpe:/a:oracle:communications_diameter_signaling_router:8.2
Oracle	Enterprise Manager Ops Center	12.2.2	cpe:/a:oracle:enterprise_manager_ops_center:12.2.2
Oracle	Enterprise Manager Ops Center	12.3.3	cpe:/a:oracle:enterprise_manager_ops_center:12.3.3
Oracle	Goldengate For Big Data	12.2.0.1	cpe:/a:oracle:goldengate_for_big_data:12.2.0.1
Oracle	Goldengate For Big Data	12.3.1.1	cpe:/a:oracle:goldengate_for_big_data:12.3.1.1
Oracle	Goldengate For Big Data	12.3.2.1	cpe:/a:oracle:goldengate_for_big_data:12.3.2.1
Oracle	Health Sciences Information Manager	3.0	cpe:/a:oracle:health_sciences_information_manager:3.0
Oracle	Healthcare Master Person Index	3.0	cpe:/a:oracle:healthcare_master_person_index:3.0
Oracle	Healthcare Master Person Index	4.0	cpe:/a:oracle:healthcare_master_person_index:4.0
Oracle	Insurance Calculation Engine	10.1.1	cpe:/a:oracle:insurance_calculation_engine:10.1.1
Oracle	Insurance Calculation Engine	10.2	cpe:/a:oracle:insurance_calculation_engine:10.2
Oracle	Insurance Calculation Engine	10.2.1	cpe:/a:oracle:insurance_calculation_engine:10.2.1
Oracle	Insurance Rules Palette	10.0	cpe:/a:oracle:insurance_rules_palette:10.0
Oracle	Insurance Rules Palette	10.1	cpe:/a:oracle:insurance_rules_palette:10.1
Oracle	Insurance Rules Palette	10.2	cpe:/a:oracle:insurance_rules_palette:10.2
Oracle	Insurance Rules Palette	11.0	cpe:/a:oracle:insurance_rules_palette:11.0
Oracle	Insurance Rules Palette	11.1	cpe:/a:oracle:insurance_rules_palette:11.1
Oracle	Primavera Gateway	15.2	cpe:/a:oracle:primavera_gateway:15.2
Oracle	Primavera Gateway	16.2	cpe:/a:oracle:primavera_gateway:16.2
Oracle	Primavera Gateway	17.12	cpe:/a:oracle:primavera_gateway:17.12
Oracle	Retail Back Office	14.0	cpe:/a:oracle:retail_back_office:14.0
Oracle	Retail Back Office	14.1	cpe:/a:oracle:retail_back_office:14.1
Oracle	Retail Central Office	14.0	cpe:/a:oracle:retail_central_office:14.0
Oracle	Retail Central Office	14.1	cpe:/a:oracle:retail_central_office:14.1
Oracle	Retail Customer Insights	15.0	cpe:/a:oracle:retail_customer_insights:15.0
Oracle	Retail Customer Insights	16.0	cpe:/a:oracle:retail_customer_insights:16.0
Oracle	Retail Integration Bus	14.0.1	cpe:/a:oracle:retail_integration_bus:14.0.1
Oracle	Retail Integration Bus	14.0.2	cpe:/a:oracle:retail_integration_bus:14.0.2
Oracle	Retail Integration Bus	14.0.3	cpe:/a:oracle:retail_integration_bus:14.0.3
Oracle	Retail Integration Bus	14.0.4	cpe:/a:oracle:retail_integration_bus:14.0.4
Oracle	Retail Integration Bus	14.1.1	cpe:/a:oracle:retail_integration_bus:14.1.1
Oracle	Retail Integration Bus	14.1.2	cpe:/a:oracle:retail_integration_bus:14.1.2
Oracle	Retail Integration Bus	14.1.3	cpe:/a:oracle:retail_integration_bus:14.1.3
Oracle	Retail Integration Bus	15.0.0.1	cpe:/a:oracle:retail_integration_bus:15.0.0.1
Oracle	Retail Integration Bus	15.0.1	cpe:/a:oracle:retail_integration_bus:15.0.1
Oracle	Retail Integration Bus	15.0.2	cpe:/a:oracle:retail_integration_bus:15.0.2
Oracle	Retail Integration Bus	16.0	cpe:/a:oracle:retail_integration_bus:16.0
Oracle	Retail Integration Bus	16.0.1	cpe:/a:oracle:retail_integration_bus:16.0.1
Oracle	Retail Integration Bus	16.0.2	cpe:/a:oracle:retail_integration_bus:16.0.2
Oracle	Retail Open Commerce Platform	5.3.0	cpe:/a:oracle:retail_open_commerce_platform:5.3.0
Oracle	Retail Open Commerce Platform	6.0.0	cpe:/a:oracle:retail_open_commerce_platform:6.0.0
Oracle	Retail Open Commerce Platform	6.0.1	cpe:/a:oracle:retail_open_commerce_platform:6.0.1
Oracle	Retail Order Broker	5.1	cpe:/a:oracle:retail_order_broker:5.1
Oracle	Retail Order Broker	5.2	cpe:/a:oracle:retail_order_broker:5.2
Oracle	Retail Order Broker	15.0	cpe:/a:oracle:retail_order_broker:15.0
Oracle	Retail Order Broker	16.0	cpe:/a:oracle:retail_order_broker:16.0
Oracle	Retail Point-of-sale	14.0	cpe:/a:oracle:retail_point-of-sale:14.0
Oracle	Retail Point-of-sale	14.1	cpe:/a:oracle:retail_point-of-sale:14.1
Oracle	Retail Predictive Application Server	14.0	cpe:/a:oracle:retail_predictive_application_server:14.0
Oracle	Retail Predictive Application Server	14.1	cpe:/a:oracle:retail_predictive_application_server:14.1
Oracle	Retail Predictive Application Server	15.0	cpe:/a:oracle:retail_predictive_application_server:15.0
Oracle	Retail Predictive Application Server	16.0	cpe:/a:oracle:retail_predictive_application_server:16.0
Oracle	Retail Returns Management	14.0	cpe:/a:oracle:retail_returns_management:14.0
Oracle	Retail Returns Management	14.1	cpe:/a:oracle:retail_returns_management:14.1
Oracle	Service Architecture Leveraging Tuxedo	12.1.3.0.0	cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0
Oracle	Service Architecture Leveraging Tuxedo	12.2.2.0.0	cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0
Oracle	Tape Library Acsls	8.4	cpe:/a:oracle:tape_library_acsls:8.4
Pivotal Software	Spring Framework	4.3.0	cpe:/a:pivotal_software:spring_framework:4.3.0:-
Pivotal Software	Spring Framework	4.3.0	cpe:/a:pivotal_software:spring_framework:4.3.0:rc1
Pivotal Software	Spring Framework	4.3.0	cpe:/a:pivotal_software:spring_framework:4.3.0:rc2
Pivotal Software	Spring Framework	4.3.15	cpe:/a:pivotal_software:spring_framework:4.3.15
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:-
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone1
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone2
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone3
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone4
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone5
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:rc1
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:rc2
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:rc3
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:rc4

Oracle (21) Search CVE
1. Retail Customer Insights (2) Search CVE
  1. 15.0
  2. 16.0
2. Retail Back Office (2) Search CVE
  1. 14.0
  2. 14.1
3. Retail Predictive Application Server (4) Search CVE
  1. 14.0
  2. 14.1
  3. 15.0
  4. 16.0
4. Retail Point-of-sale (2) Search CVE
  1. 14.0
  2. 14.1
5. Retail Integration Bus (13) Search CVE
  1. 14.0.1
  2. 14.0.2
  3. 14.0.3
  4. 14.0.4
  5. 14.1.1
  6. 14.1.2
  7. 14.1.3
  8. 15.0.0.1
  9. 15.0.1
  10. 15.0.2
  11. 16.0
  12. 16.0.1
  13. 16.0.2
6. Health Sciences Information Manager (1) Search CVE
  1. 3.0
7. Communications Diameter Signaling Router (3) Search CVE
  1. 6.0
  2. 8.1
  3. 8.2
8. Big Data Discovery (1) Search CVE
  1. 1.6.0
9. Enterprise Manager Ops Center (2) Search CVE
  1. 12.2.2
  2. 12.3.3
10. Insurance Rules Palette (5) Search CVE
  1. 10.0
  2. 10.1
  3. 10.2
  4. 11.0
  5. 11.1
11. Retail Returns Management (2) Search CVE
  1. 14.0
  2. 14.1
12. Application Testing Suite (4) Search CVE
  1. 12.5.0.3
  2. 13.1.0.1
  3. 13.2.0.1
  4. 13.3.0.1
13. Retail Order Broker (4) Search CVE
  1. 5.1
  2. 5.2
  3. 15.0
  4. 16.0
14. Tape Library Acsls (1) Search CVE
  1. 8.4
15. Goldengate For Big Data (3) Search CVE
  1. 12.2.0.1
  2. 12.3.1.1
  3. 12.3.2.1
16. Retail Open Commerce Platform (3) Search CVE
  1. 5.3.0
  2. 6.0.0
  3. 6.0.1
17. Healthcare Master Person Index (2) Search CVE
  1. 3.0
  2. 4.0
18. Primavera Gateway (3) Search CVE
  1. 15.2
  2. 16.2
  3. 17.12
19. Service Architecture Leveraging Tuxedo (2) Search CVE
  1. 12.1.3.0.0
  2. 12.2.2.0.0
20. Insurance Calculation Engine (3) Search CVE
  1. 10.1.1
  2. 10.2
  3. 10.2.1
21. Retail Central Office (2) Search CVE
  1. 14.0
  2. 14.1
Pivotal Software (1) Search CVE
1. Spring Framework (22) Search CVE
  1. 4.3.0
  2. 4.3.1
  3. 4.3.2
  4. 4.3.3
  5. 4.3.4
  6. 4.2.9
  7. 4.3.5
  8. 4.3.6
  9. 4.3.7
  10. 4.3.8
  11. 4.3.9
  12. 4.3.10
  13. 4.3.11
  14. 4.3.12
  15. 4.3.13
  16. 4.3.14
  17. 5.0.0
  18. 5.0.1
  19. 5.0.2
  20. 5.0.3
  21. 5.0.4
  22. 4.3.15

CWE

ID	Name	Description	Links
CWE-358	Improperly Implemented Security Check for Standard	The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.		CVE

References

Source	Link
CONFIRM	https://pivotal.io/security/cve-2018-1270
BID	http://www.securityfocus.com/bid/103696
EXPLOIT-DB	https://www.exploit-db.com/exploits/44796/
CONFIRM	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CONFIRM	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
REDHAT	https://access.redhat.com/errata/RHSA-2018:2939
CONFIRM	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
MLIST	https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

History of changes

Date

Event

2019-07-03 19:15

CPEs changed

78 added

cpe:/a:oracle:application_testing_suite:12.5.0.3 (Oracle / Application Testing Suite)
cpe:/a:oracle:application_testing_suite:13.1.0.1 (Oracle / Application Testing Suite)
cpe:/a:oracle:application_testing_suite:13.2.0.1 (Oracle / Application Testing Suite)
cpe:/a:oracle:application_testing_suite:13.3.0.1 (Oracle / Application Testing Suite)
cpe:/a:oracle:big_data_discovery:1.6.0 (Oracle / Big Data Discovery)
cpe:/a:oracle:communications_diameter_signaling_router:6.0 (Oracle / Communications Diameter Signaling Router)
cpe:/a:oracle:communications_diameter_signaling_router:8.1 (Oracle / Communications Diameter Signaling Router)
cpe:/a:oracle:communications_diameter_signaling_router:8.2 (Oracle / Communications Diameter Signaling Router)
cpe:/a:oracle:enterprise_manager_ops_center:12.2.2 (Oracle / Enterprise Manager Ops Center)
cpe:/a:oracle:enterprise_manager_ops_center:12.3.3 (Oracle / Enterprise Manager Ops Center)
cpe:/a:oracle:goldengate_for_big_data:12.2.0.1 (Oracle / Goldengate For Big Data)
cpe:/a:oracle:goldengate_for_big_data:12.3.1.1 (Oracle / Goldengate For Big Data)
cpe:/a:oracle:goldengate_for_big_data:12.3.2.1 (Oracle / Goldengate For Big Data)
cpe:/a:oracle:health_sciences_information_manager:3.0 (Oracle / Health Sciences Information Manager)
cpe:/a:oracle:healthcare_master_person_index:3.0 (Oracle / Healthcare Master Person Index)
cpe:/a:oracle:healthcare_master_person_index:4.0 (Oracle / Healthcare Master Person Index)
cpe:/a:oracle:insurance_calculation_engine:10.1.1 (Oracle / Insurance Calculation Engine)
cpe:/a:oracle:insurance_calculation_engine:10.2 (Oracle / Insurance Calculation Engine)
cpe:/a:oracle:insurance_calculation_engine:10.2.1 (Oracle / Insurance Calculation Engine)
cpe:/a:oracle:insurance_rules_palette:10.0 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:insurance_rules_palette:10.1 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:insurance_rules_palette:10.2 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:insurance_rules_palette:11.0 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:insurance_rules_palette:11.1 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:primavera_gateway:15.2 (Oracle / Primavera Gateway)
cpe:/a:oracle:primavera_gateway:16.2 (Oracle / Primavera Gateway)
cpe:/a:oracle:primavera_gateway:17.12 (Oracle / Primavera Gateway)
cpe:/a:oracle:retail_back_office:14.0 (Oracle / Retail Back Office)
cpe:/a:oracle:retail_back_office:14.1 (Oracle / Retail Back Office)
cpe:/a:oracle:retail_central_office:14.0 (Oracle / Retail Central Office)
cpe:/a:oracle:retail_central_office:14.1 (Oracle / Retail Central Office)
cpe:/a:oracle:retail_customer_insights:15.0 (Oracle / Retail Customer Insights)
cpe:/a:oracle:retail_customer_insights:16.0 (Oracle / Retail Customer Insights)
cpe:/a:oracle:retail_integration_bus:14.0.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.0.2 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.0.3 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.0.4 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.1.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.1.2 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.1.3 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:15.0.0.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:15.0.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:15.0.2 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:16.0 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:16.0.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:16.0.2 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_open_commerce_platform:5.3.0 (Oracle / Retail Open Commerce Platform)
cpe:/a:oracle:retail_open_commerce_platform:6.0.0 (Oracle / Retail Open Commerce Platform)
cpe:/a:oracle:retail_open_commerce_platform:6.0.1 (Oracle / Retail Open Commerce Platform)
cpe:/a:oracle:retail_order_broker:15.0 (Oracle / Retail Order Broker)
cpe:/a:oracle:retail_order_broker:16.0 (Oracle / Retail Order Broker)
cpe:/a:oracle:retail_order_broker:5.1 (Oracle / Retail Order Broker)
cpe:/a:oracle:retail_order_broker:5.2 (Oracle / Retail Order Broker)
cpe:/a:oracle:retail_point-of-sale:14.0 (Oracle / Retail Point-of-sale)
cpe:/a:oracle:retail_point-of-sale:14.1 (Oracle / Retail Point-of-sale)
cpe:/a:oracle:retail_predictive_application_server:14.0 (Oracle / Retail Predictive Application Server)
cpe:/a:oracle:retail_predictive_application_server:14.1 (Oracle / Retail Predictive Application Server)
cpe:/a:oracle:retail_predictive_application_server:15.0 (Oracle / Retail Predictive Application Server)
cpe:/a:oracle:retail_predictive_application_server:16.0 (Oracle / Retail Predictive Application Server)
cpe:/a:oracle:retail_returns_management:14.0 (Oracle / Retail Returns Management)
cpe:/a:oracle:retail_returns_management:14.1 (Oracle / Retail Returns Management)
cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0 (Oracle / Service Architecture Leveraging Tuxedo)
cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0 (Oracle / Service Architecture Leveraging Tuxedo)
cpe:/a:oracle:tape_library_acsls:8.4 (Oracle / Tape Library Acsls)
cpe:/a:pivotal_software:spring_framework:4.3.0:- (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.0:rc1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.0:rc2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.15 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:- (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone3 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone4 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone5 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:rc1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:rc2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:rc3 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:rc4 (Pivotal Software / Spring Framework)

References changed

1 added

MLIST

https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E

4 changed

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	UNKNOWN->PATCH
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	UNKNOWN->PATCH
https://access.redhat.com/errata/RHSA-2018:2939	UNKNOWN->VENDOR_ADVISORY
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	UNKNOWN->PATCH

2019-01-16 19:29

References changed

1 added

CONFIRM

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

2018-10-18 10:29

References changed

1 added

REDHAT

https://access.redhat.com/errata/RHSA-2018:2939

2018-10-17 01:31

References changed

1 added

CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

2018-07-19 01:29

CPEs changed

15 added

cpe:/a:pivotal_software:spring_framework:4.3.10 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.11 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.12 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.13 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.14 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.5 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.6 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.7 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.8 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.9 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.3 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.4 (Pivotal Software / Spring Framework)

References changed

1 added

CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

2018-06-01 01:29

References changed

1 added

EXPLOIT-DB

https://www.exploit-db.com/exploits/44796/

2018-05-15 18:42

CPEs changed

1 added

cpe:/a:pivotal_software:spring_framework:4.2.9 (Pivotal Software / Spring Framework)

2018-05-10 14:26

CVSS changed

New score : 7.5
No old score

CWEs changed

Added : CWE-358

References changed

2 changed

http://www.securityfocus.com/bid/103696	UNKNOWN->VENDOR_ADVISORY
https://pivotal.io/security/cve-2018-1270	UNKNOWN->VENDOR_ADVISORY

CPEs changed

5 added

cpe:/a:pivotal_software:spring_framework:4.3.0 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.3 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.4 (Pivotal Software / Spring Framework)

2018-04-11 01:29

References changed

1 added

BID	http://www.securityfocus.com/bid/103696

2018-04-06 13:29

CVE-2018-1270

Score 7.5 / 10

CWE

References

History of changes

New CVE