CVE-2018-1271

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

Published : 2018-04-06 13:29 Updated : 2019-07-23 23:15

4.3

CVSS Score More info

Score 4.3 / 10

Access vector NETWORK

A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.

Access complexity MEDIUM

The access conditions are somewhat specialized; the following are examples:

The attacking party is limited to a group of systems or users at some level of authorization, possibly untrusted.
Some information must be gathered before a successful attack can be launched.
The affected configuration is non-default, and is not commonly configured (e.g., a vulnerability present when a server performs user account authentication via a specific scheme, but not present for another authentication scheme).
The attack requires a small amount of social engineering that might occasionally fool cautious users (e.g., phishing attacks that modify a web browsers status bar to show a false link, having to be on someones buddy list before sending an IM exploit).

Authentication NONE

Authentication is not required to exploit the vulnerability.

Confidentiality impact PARTIAL

There is considerable informational disclosure. Access to some system files is possible, but the attacker does not have control over what is obtained, or the scope of the loss is constrained. An example is a vulnerability that divulges only certain tables in a database.

Integrity impact NONE

There is no impact to the integrity of the system.

Availability impact NONE

There is no impact to the availability of the system.

CPE (98)
Tree view

Vendor	Product	Version	URI
Pivotal Software	Spring Framework	4.3.0	cpe:/a:pivotal_software:spring_framework:4.3.0
Pivotal Software	Spring Framework	4.3.1	cpe:/a:pivotal_software:spring_framework:4.3.1
Pivotal Software	Spring Framework	4.3.2	cpe:/a:pivotal_software:spring_framework:4.3.2
Pivotal Software	Spring Framework	4.3.3	cpe:/a:pivotal_software:spring_framework:4.3.3
Pivotal Software	Spring Framework	4.3.4	cpe:/a:pivotal_software:spring_framework:4.3.4
Pivotal Software	Spring Framework	4.2.9	cpe:/a:pivotal_software:spring_framework:4.2.9
Pivotal Software	Spring Framework	4.3.5	cpe:/a:pivotal_software:spring_framework:4.3.5
Pivotal Software	Spring Framework	4.3.6	cpe:/a:pivotal_software:spring_framework:4.3.6
Pivotal Software	Spring Framework	4.3.7	cpe:/a:pivotal_software:spring_framework:4.3.7
Pivotal Software	Spring Framework	4.3.8	cpe:/a:pivotal_software:spring_framework:4.3.8
Pivotal Software	Spring Framework	4.3.9	cpe:/a:pivotal_software:spring_framework:4.3.9
Pivotal Software	Spring Framework	4.3.10	cpe:/a:pivotal_software:spring_framework:4.3.10
Pivotal Software	Spring Framework	4.3.11	cpe:/a:pivotal_software:spring_framework:4.3.11
Pivotal Software	Spring Framework	4.3.12	cpe:/a:pivotal_software:spring_framework:4.3.12
Pivotal Software	Spring Framework	4.3.13	cpe:/a:pivotal_software:spring_framework:4.3.13
Pivotal Software	Spring Framework	4.3.14	cpe:/a:pivotal_software:spring_framework:4.3.14
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0
Pivotal Software	Spring Framework	5.0.1	cpe:/a:pivotal_software:spring_framework:5.0.1
Pivotal Software	Spring Framework	5.0.2	cpe:/a:pivotal_software:spring_framework:5.0.2
Pivotal Software	Spring Framework	5.0.3	cpe:/a:pivotal_software:spring_framework:5.0.3
Pivotal Software	Spring Framework	5.0.4	cpe:/a:pivotal_software:spring_framework:5.0.4
Oracle	Application Testing Suite	12.5.0.3	cpe:/a:oracle:application_testing_suite:12.5.0.3
Oracle	Application Testing Suite	13.1.0.1	cpe:/a:oracle:application_testing_suite:13.1.0.1
Oracle	Application Testing Suite	13.2.0.1	cpe:/a:oracle:application_testing_suite:13.2.0.1
Oracle	Application Testing Suite	13.3.0.1	cpe:/a:oracle:application_testing_suite:13.3.0.1
Oracle	Big Data Discovery	1.6.0	cpe:/a:oracle:big_data_discovery:1.6.0
Oracle	Communications Diameter Signaling Router	6.0	cpe:/a:oracle:communications_diameter_signaling_router:6.0
Oracle	Communications Diameter Signaling Router	8.1	cpe:/a:oracle:communications_diameter_signaling_router:8.1
Oracle	Communications Diameter Signaling Router	8.2	cpe:/a:oracle:communications_diameter_signaling_router:8.2
Oracle	Enterprise Manager Ops Center	12.2.2	cpe:/a:oracle:enterprise_manager_ops_center:12.2.2
Oracle	Enterprise Manager Ops Center	12.3.3	cpe:/a:oracle:enterprise_manager_ops_center:12.3.3
Oracle	Goldengate For Big Data	12.2.0.1	cpe:/a:oracle:goldengate_for_big_data:12.2.0.1
Oracle	Goldengate For Big Data	12.3.1.1	cpe:/a:oracle:goldengate_for_big_data:12.3.1.1
Oracle	Goldengate For Big Data	12.3.2.1	cpe:/a:oracle:goldengate_for_big_data:12.3.2.1
Oracle	Health Sciences Information Manager	3.0	cpe:/a:oracle:health_sciences_information_manager:3.0
Oracle	Healthcare Master Person Index	3.0	cpe:/a:oracle:healthcare_master_person_index:3.0
Oracle	Healthcare Master Person Index	4.0	cpe:/a:oracle:healthcare_master_person_index:4.0
Oracle	Insurance Calculation Engine	10.1.1	cpe:/a:oracle:insurance_calculation_engine:10.1.1
Oracle	Insurance Calculation Engine	10.2	cpe:/a:oracle:insurance_calculation_engine:10.2
Oracle	Insurance Calculation Engine	10.2.1	cpe:/a:oracle:insurance_calculation_engine:10.2.1
Oracle	Insurance Rules Palette	10.0	cpe:/a:oracle:insurance_rules_palette:10.0
Oracle	Insurance Rules Palette	10.1	cpe:/a:oracle:insurance_rules_palette:10.1
Oracle	Insurance Rules Palette	10.2	cpe:/a:oracle:insurance_rules_palette:10.2
Oracle	Insurance Rules Palette	11.0	cpe:/a:oracle:insurance_rules_palette:11.0
Oracle	Insurance Rules Palette	11.1	cpe:/a:oracle:insurance_rules_palette:11.1
Oracle	Primavera Gateway	15.2	cpe:/a:oracle:primavera_gateway:15.2
Oracle	Primavera Gateway	16.2	cpe:/a:oracle:primavera_gateway:16.2
Oracle	Primavera Gateway	17.12	cpe:/a:oracle:primavera_gateway:17.12
Oracle	Retail Back Office	14.0	cpe:/a:oracle:retail_back_office:14.0
Oracle	Retail Back Office	14.1	cpe:/a:oracle:retail_back_office:14.1
Oracle	Retail Central Office	14.0	cpe:/a:oracle:retail_central_office:14.0
Oracle	Retail Central Office	14.1	cpe:/a:oracle:retail_central_office:14.1
Oracle	Retail Customer Insights	15.0	cpe:/a:oracle:retail_customer_insights:15.0
Oracle	Retail Customer Insights	16.0	cpe:/a:oracle:retail_customer_insights:16.0
Oracle	Retail Integration Bus	14.0.1	cpe:/a:oracle:retail_integration_bus:14.0.1
Oracle	Retail Integration Bus	14.0.2	cpe:/a:oracle:retail_integration_bus:14.0.2
Oracle	Retail Integration Bus	14.0.3	cpe:/a:oracle:retail_integration_bus:14.0.3
Oracle	Retail Integration Bus	14.0.4	cpe:/a:oracle:retail_integration_bus:14.0.4
Oracle	Retail Integration Bus	14.1.1	cpe:/a:oracle:retail_integration_bus:14.1.1
Oracle	Retail Integration Bus	14.1.2	cpe:/a:oracle:retail_integration_bus:14.1.2
Oracle	Retail Integration Bus	14.1.3	cpe:/a:oracle:retail_integration_bus:14.1.3
Oracle	Retail Integration Bus	15.0.0.1	cpe:/a:oracle:retail_integration_bus:15.0.0.1
Oracle	Retail Integration Bus	15.0.1	cpe:/a:oracle:retail_integration_bus:15.0.1
Oracle	Retail Integration Bus	15.0.2	cpe:/a:oracle:retail_integration_bus:15.0.2
Oracle	Retail Integration Bus	16.0	cpe:/a:oracle:retail_integration_bus:16.0
Oracle	Retail Integration Bus	16.0.1	cpe:/a:oracle:retail_integration_bus:16.0.1
Oracle	Retail Integration Bus	16.0.2	cpe:/a:oracle:retail_integration_bus:16.0.2
Oracle	Retail Open Commerce Platform	5.3.0	cpe:/a:oracle:retail_open_commerce_platform:5.3.0
Oracle	Retail Open Commerce Platform	6.0.0	cpe:/a:oracle:retail_open_commerce_platform:6.0.0
Oracle	Retail Open Commerce Platform	6.0.1	cpe:/a:oracle:retail_open_commerce_platform:6.0.1
Oracle	Retail Order Broker	5.1	cpe:/a:oracle:retail_order_broker:5.1
Oracle	Retail Order Broker	5.2	cpe:/a:oracle:retail_order_broker:5.2
Oracle	Retail Order Broker	15.0	cpe:/a:oracle:retail_order_broker:15.0
Oracle	Retail Order Broker	16.0	cpe:/a:oracle:retail_order_broker:16.0
Oracle	Retail Point-of-sale	14.0	cpe:/a:oracle:retail_point-of-sale:14.0
Oracle	Retail Point-of-sale	14.1	cpe:/a:oracle:retail_point-of-sale:14.1
Oracle	Retail Predictive Application Server	14.0	cpe:/a:oracle:retail_predictive_application_server:14.0
Oracle	Retail Predictive Application Server	14.1	cpe:/a:oracle:retail_predictive_application_server:14.1
Oracle	Retail Predictive Application Server	15.0	cpe:/a:oracle:retail_predictive_application_server:15.0
Oracle	Retail Predictive Application Server	16.0	cpe:/a:oracle:retail_predictive_application_server:16.0
Oracle	Retail Returns Management	14.0	cpe:/a:oracle:retail_returns_management:14.0
Oracle	Retail Returns Management	14.1	cpe:/a:oracle:retail_returns_management:14.1
Oracle	Service Architecture Leveraging Tuxedo	12.1.3.0.0	cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0
Oracle	Service Architecture Leveraging Tuxedo	12.2.2.0.0	cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0
Oracle	Tape Library Acsls	8.4	cpe:/a:oracle:tape_library_acsls:8.4
Pivotal Software	Spring Framework	4.3.0	cpe:/a:pivotal_software:spring_framework:4.3.0:-
Pivotal Software	Spring Framework	4.3.0	cpe:/a:pivotal_software:spring_framework:4.3.0:rc1
Pivotal Software	Spring Framework	4.3.0	cpe:/a:pivotal_software:spring_framework:4.3.0:rc2
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:-
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone1
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone2
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone3
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone4
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:milestone5
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:rc1
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:rc2
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:rc3
Pivotal Software	Spring Framework	5.0.0	cpe:/a:pivotal_software:spring_framework:5.0.0:rc4

Oracle (21) Search CVE
1. Retail Customer Insights (2) Search CVE
  1. 15.0
  2. 16.0
2. Retail Back Office (2) Search CVE
  1. 14.0
  2. 14.1
3. Retail Predictive Application Server (4) Search CVE
  1. 14.0
  2. 14.1
  3. 15.0
  4. 16.0
4. Retail Point-of-sale (2) Search CVE
  1. 14.0
  2. 14.1
5. Retail Integration Bus (13) Search CVE
  1. 14.0.1
  2. 14.0.2
  3. 14.0.3
  4. 14.0.4
  5. 14.1.1
  6. 14.1.2
  7. 14.1.3
  8. 15.0.0.1
  9. 15.0.1
  10. 15.0.2
  11. 16.0
  12. 16.0.1
  13. 16.0.2
6. Health Sciences Information Manager (1) Search CVE
  1. 3.0
7. Communications Diameter Signaling Router (3) Search CVE
  1. 6.0
  2. 8.1
  3. 8.2
8. Big Data Discovery (1) Search CVE
  1. 1.6.0
9. Enterprise Manager Ops Center (2) Search CVE
  1. 12.2.2
  2. 12.3.3
10. Insurance Rules Palette (5) Search CVE
  1. 10.0
  2. 10.1
  3. 10.2
  4. 11.0
  5. 11.1
11. Retail Returns Management (2) Search CVE
  1. 14.0
  2. 14.1
12. Application Testing Suite (4) Search CVE
  1. 12.5.0.3
  2. 13.1.0.1
  3. 13.2.0.1
  4. 13.3.0.1
13. Retail Order Broker (4) Search CVE
  1. 5.1
  2. 5.2
  3. 15.0
  4. 16.0
14. Tape Library Acsls (1) Search CVE
  1. 8.4
15. Goldengate For Big Data (3) Search CVE
  1. 12.2.0.1
  2. 12.3.1.1
  3. 12.3.2.1
16. Retail Open Commerce Platform (3) Search CVE
  1. 5.3.0
  2. 6.0.0
  3. 6.0.1
17. Healthcare Master Person Index (2) Search CVE
  1. 3.0
  2. 4.0
18. Primavera Gateway (3) Search CVE
  1. 15.2
  2. 16.2
  3. 17.12
19. Service Architecture Leveraging Tuxedo (2) Search CVE
  1. 12.1.3.0.0
  2. 12.2.2.0.0
20. Insurance Calculation Engine (3) Search CVE
  1. 10.1.1
  2. 10.2
  3. 10.2.1
21. Retail Central Office (2) Search CVE
  1. 14.0
  2. 14.1
Pivotal Software (1) Search CVE
1. Spring Framework (21) Search CVE
  1. 4.3.0
  2. 4.3.1
  3. 4.3.2
  4. 4.3.3
  5. 4.3.4
  6. 4.2.9
  7. 4.3.5
  8. 4.3.6
  9. 4.3.7
  10. 4.3.8
  11. 4.3.9
  12. 4.3.10
  13. 4.3.11
  14. 4.3.12
  15. 4.3.13
  16. 4.3.14
  17. 5.0.0
  18. 5.0.1
  19. 5.0.2
  20. 5.0.3
  21. 5.0.4

CWE

ID	Name	Description	Links
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.		CVE

References

Source	Link
CONFIRM	https://pivotal.io/security/cve-2018-1271
BID	http://www.securityfocus.com/bid/103699
REDHAT	https://access.redhat.com/errata/RHSA-2018:1320
CONFIRM	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
REDHAT	https://access.redhat.com/errata/RHSA-2018:2669
CONFIRM	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
REDHAT	https://access.redhat.com/errata/RHSA-2018:2939
CONFIRM	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
MISC	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

History of changes

Date

Event

2019-07-23 23:15

CPEs changed

77 added

cpe:/a:oracle:application_testing_suite:12.5.0.3 (Oracle / Application Testing Suite)
cpe:/a:oracle:application_testing_suite:13.1.0.1 (Oracle / Application Testing Suite)
cpe:/a:oracle:application_testing_suite:13.2.0.1 (Oracle / Application Testing Suite)
cpe:/a:oracle:application_testing_suite:13.3.0.1 (Oracle / Application Testing Suite)
cpe:/a:oracle:big_data_discovery:1.6.0 (Oracle / Big Data Discovery)
cpe:/a:oracle:communications_diameter_signaling_router:6.0 (Oracle / Communications Diameter Signaling Router)
cpe:/a:oracle:communications_diameter_signaling_router:8.1 (Oracle / Communications Diameter Signaling Router)
cpe:/a:oracle:communications_diameter_signaling_router:8.2 (Oracle / Communications Diameter Signaling Router)
cpe:/a:oracle:enterprise_manager_ops_center:12.2.2 (Oracle / Enterprise Manager Ops Center)
cpe:/a:oracle:enterprise_manager_ops_center:12.3.3 (Oracle / Enterprise Manager Ops Center)
cpe:/a:oracle:goldengate_for_big_data:12.2.0.1 (Oracle / Goldengate For Big Data)
cpe:/a:oracle:goldengate_for_big_data:12.3.1.1 (Oracle / Goldengate For Big Data)
cpe:/a:oracle:goldengate_for_big_data:12.3.2.1 (Oracle / Goldengate For Big Data)
cpe:/a:oracle:health_sciences_information_manager:3.0 (Oracle / Health Sciences Information Manager)
cpe:/a:oracle:healthcare_master_person_index:3.0 (Oracle / Healthcare Master Person Index)
cpe:/a:oracle:healthcare_master_person_index:4.0 (Oracle / Healthcare Master Person Index)
cpe:/a:oracle:insurance_calculation_engine:10.1.1 (Oracle / Insurance Calculation Engine)
cpe:/a:oracle:insurance_calculation_engine:10.2 (Oracle / Insurance Calculation Engine)
cpe:/a:oracle:insurance_calculation_engine:10.2.1 (Oracle / Insurance Calculation Engine)
cpe:/a:oracle:insurance_rules_palette:10.0 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:insurance_rules_palette:10.1 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:insurance_rules_palette:10.2 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:insurance_rules_palette:11.0 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:insurance_rules_palette:11.1 (Oracle / Insurance Rules Palette)
cpe:/a:oracle:primavera_gateway:15.2 (Oracle / Primavera Gateway)
cpe:/a:oracle:primavera_gateway:16.2 (Oracle / Primavera Gateway)
cpe:/a:oracle:primavera_gateway:17.12 (Oracle / Primavera Gateway)
cpe:/a:oracle:retail_back_office:14.0 (Oracle / Retail Back Office)
cpe:/a:oracle:retail_back_office:14.1 (Oracle / Retail Back Office)
cpe:/a:oracle:retail_central_office:14.0 (Oracle / Retail Central Office)
cpe:/a:oracle:retail_central_office:14.1 (Oracle / Retail Central Office)
cpe:/a:oracle:retail_customer_insights:15.0 (Oracle / Retail Customer Insights)
cpe:/a:oracle:retail_customer_insights:16.0 (Oracle / Retail Customer Insights)
cpe:/a:oracle:retail_integration_bus:14.0.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.0.2 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.0.3 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.0.4 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.1.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.1.2 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:14.1.3 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:15.0.0.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:15.0.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:15.0.2 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:16.0 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:16.0.1 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_integration_bus:16.0.2 (Oracle / Retail Integration Bus)
cpe:/a:oracle:retail_open_commerce_platform:5.3.0 (Oracle / Retail Open Commerce Platform)
cpe:/a:oracle:retail_open_commerce_platform:6.0.0 (Oracle / Retail Open Commerce Platform)
cpe:/a:oracle:retail_open_commerce_platform:6.0.1 (Oracle / Retail Open Commerce Platform)
cpe:/a:oracle:retail_order_broker:15.0 (Oracle / Retail Order Broker)
cpe:/a:oracle:retail_order_broker:16.0 (Oracle / Retail Order Broker)
cpe:/a:oracle:retail_order_broker:5.1 (Oracle / Retail Order Broker)
cpe:/a:oracle:retail_order_broker:5.2 (Oracle / Retail Order Broker)
cpe:/a:oracle:retail_point-of-sale:14.0 (Oracle / Retail Point-of-sale)
cpe:/a:oracle:retail_point-of-sale:14.1 (Oracle / Retail Point-of-sale)
cpe:/a:oracle:retail_predictive_application_server:14.0 (Oracle / Retail Predictive Application Server)
cpe:/a:oracle:retail_predictive_application_server:14.1 (Oracle / Retail Predictive Application Server)
cpe:/a:oracle:retail_predictive_application_server:15.0 (Oracle / Retail Predictive Application Server)
cpe:/a:oracle:retail_predictive_application_server:16.0 (Oracle / Retail Predictive Application Server)
cpe:/a:oracle:retail_returns_management:14.0 (Oracle / Retail Returns Management)
cpe:/a:oracle:retail_returns_management:14.1 (Oracle / Retail Returns Management)
cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0 (Oracle / Service Architecture Leveraging Tuxedo)
cpe:/a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0 (Oracle / Service Architecture Leveraging Tuxedo)
cpe:/a:oracle:tape_library_acsls:8.4 (Oracle / Tape Library Acsls)
cpe:/a:pivotal_software:spring_framework:4.3.0:- (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.0:rc1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.0:rc2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:- (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone3 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone4 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:milestone5 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:rc1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:rc2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:rc3 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0:rc4 (Pivotal Software / Spring Framework)

References changed

1 added

MISC	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

5 changed

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	UNKNOWN->PATCH
https://access.redhat.com/errata/RHSA-2018:2669	UNKNOWN->VENDOR_ADVISORY
https://access.redhat.com/errata/RHSA-2018:2939	UNKNOWN->VENDOR_ADVISORY
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	UNKNOWN->PATCH
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	UNKNOWN->PATCH

2019-01-16 19:29

References changed

1 added

CONFIRM

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

2018-10-18 10:29

References changed

1 added

REDHAT

https://access.redhat.com/errata/RHSA-2018:2939

2018-10-17 01:31

References changed

1 added

CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

2018-09-12 10:29

References changed

1 added

REDHAT

https://access.redhat.com/errata/RHSA-2018:2669

2018-07-19 01:29

References changed

1 added

CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

CPEs changed

15 added

cpe:/a:pivotal_software:spring_framework:4.3.10 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.11 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.12 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.13 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.14 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.5 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.6 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.7 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.8 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.9 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.0 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.3 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:5.0.4 (Pivotal Software / Spring Framework)

2018-05-15 18:42

CPEs changed

1 added

cpe:/a:pivotal_software:spring_framework:4.2.9 (Pivotal Software / Spring Framework)

2018-05-10 16:27

CVSS changed

New score : 4.3
No old score

CWEs changed

Added : CWE-22

CPEs changed

5 added

cpe:/a:pivotal_software:spring_framework:4.3.0 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.1 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.2 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.3 (Pivotal Software / Spring Framework)
cpe:/a:pivotal_software:spring_framework:4.3.4 (Pivotal Software / Spring Framework)

References changed

3 changed

https://pivotal.io/security/cve-2018-1271	UNKNOWN->VENDOR_ADVISORY
http://www.securityfocus.com/bid/103699	UNKNOWN->VENDOR_ADVISORY
https://access.redhat.com/errata/RHSA-2018:1320	UNKNOWN->VENDOR_ADVISORY

2018-05-05 01:29

References changed

1 added

REDHAT

https://access.redhat.com/errata/RHSA-2018:1320

2018-04-12 01:29

References changed

1 added

BID	http://www.securityfocus.com/bid/103699

2018-04-06 13:29

CVE-2018-1271

Score 4.3 / 10

CWE

References

History of changes

New CVE