Lucene search

DellCVE-2018-1196

HistoryMar 19, 2018 - 6:29 p.m.

CVE-2018-1196

2018-03-1918:29:00

CWE-59

dell

web.nvd.nist.gov

cve-2018-1196

spring boot

symlink attack

security vulnerability

linux service

systemd

init.d

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the “run_user” to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the “run_user” requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.

Affected configurations

Nvd

Vulners

Node

vmwarespring_bootRange≤1.5.9

vmwarespring_bootMatch2.0.0milestone1

vmwarespring_bootMatch2.0.0milestone2

vmwarespring_bootMatch2.0.0milestone3

vmwarespring_bootMatch2.0.0milestone4

vmwarespring_bootMatch2.0.0milestone5

vmwarespring_bootMatch2.0.0milestone6

vmwarespring_bootMatch2.0.0milestone7

VendorProductVersionCPE
vmwarespring_boot*cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*
vmwarespring_boot2.0.0cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1:*:*:*:*:*:*
vmwarespring_boot2.0.0cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2:*:*:*:*:*:*
vmwarespring_boot2.0.0cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3:*:*:*:*:*:*
vmwarespring_boot2.0.0cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4:*:*:*:*:*:*
vmwarespring_boot2.0.0cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5:*:*:*:*:*:*
vmwarespring_boot2.0.0cpe:2.3:a:vmware:spring_boot:2.0.0:milestone6:*:*:*:*:*:*
vmwarespring_boot2.0.0cpe:2.3:a:vmware:spring_boot:2.0.0:milestone7:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	spring_boot	*	cpe:2.3:a:vmware:spring_boot::::::::
vmware	spring_boot	2.0.0	cpe:2.3:a:vmware:spring_boot:2.0.0:milestone1::::::
vmware	spring_boot	2.0.0	cpe:2.3:a:vmware:spring_boot:2.0.0:milestone2::::::
vmware	spring_boot	2.0.0	cpe:2.3:a:vmware:spring_boot:2.0.0:milestone3::::::
vmware	spring_boot	2.0.0	cpe:2.3:a:vmware:spring_boot:2.0.0:milestone4::::::
vmware	spring_boot	2.0.0	cpe:2.3:a:vmware:spring_boot:2.0.0:milestone5::::::
vmware	spring_boot	2.0.0	cpe:2.3:a:vmware:spring_boot:2.0.0:milestone6::::::
vmware	spring_boot	2.0.0	cpe:2.3:a:vmware:spring_boot:2.0.0:milestone7::::::

CNA Affected

[
  {
    "product": "Spring Boot",
    "vendor": "Dell EMC",
    "versions": [
      {
        "status": "affected",
        "version": "1.5.0 - 1.5.9"
      },
      {
        "status": "affected",
        "version": "2.0.0.M1 - 2.0.0.M7"
      }
    ]
  }
]

References

pivotal.io/security/cve-2018-1196

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Related for CVE-2018-1196