Lucene search

CVE-2018-1272

🗓️ 06 Apr 2018 13:00:29Reported by dellType

Spring Framework versions 5.0 < 5.0.5 & 4.3 < 4.3.15 vulnerable to multipart request attack

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 30
RedhatCVE	CVE-2018-1272	8 Oct 201903:56	–	redhatcve
Veracode	Privilege Escalation Through Multipart Content Pollution	6 Apr 201802:06	–	veracode
Prion	Input validation	6 Apr 201813:29	–	prion
Cvelist	CVE-2018-1272	6 Apr 201813:00	–	cvelist
OSV	GHSA-4487-X383-QPPH Possible privilege escalation in org.springframework:spring-core	17 Oct 201820:27	–	osv
OSV	CVE-2018-1272	6 Apr 201813:29	–	osv
Github Security Blog	Possible privilege escalation in org.springframework:spring-core	17 Oct 201820:27	–	github
NVD	CVE-2018-1272	6 Apr 201813:29	–	nvd
Debian CVE	CVE-2018-1272	6 Apr 201813:29	–	debiancve
UbuntuCve	CVE-2018-1272	6 Apr 201800:00	–	ubuntucve

Nvd

Node

vmware spring_frameworkRange4.3.0–4.3.15

vmware spring_frameworkRange5.0–5.0.5

Node

oracle application_testing_suiteMatch12.5.0.3

oracle application_testing_suiteMatch13.1.0.1

oracle application_testing_suiteMatch13.2.0.1

oracle application_testing_suiteMatch13.3.0.1

oracle big_data_discoveryMatch1.6.0

oracle communications_converged_application_serverRange<7.0.0.1

oracle communications_diameter_signaling_routerRange<8.3

oracle communications_performance_intelligence_centerRange<10.2.1

oracle communications_services_gatekeeperRange<6.1.0.4.0

oracle enterprise_manager_ops_centerMatch12.2.2

oracle enterprise_manager_ops_centerMatch12.3.3

oracle goldengate_for_big_dataMatch12.2.0.1

oracle goldengate_for_big_dataMatch12.3.1.1

oracle goldengate_for_big_dataMatch12.3.2.1

oracle health_sciences_information_managerMatch3.0

oracle healthcare_master_person_indexMatch3.0

oracle healthcare_master_person_indexMatch4.0

oracle insurance_calculation_engineMatch10.1.1

oracle insurance_calculation_engineMatch10.2

oracle insurance_calculation_engineMatch10.2.1

oracle insurance_rules_paletteMatch10.0

oracle insurance_rules_paletteMatch10.1

oracle insurance_rules_paletteMatch10.2

oracle insurance_rules_paletteMatch11.0

oracle insurance_rules_paletteMatch11.1

oracle primavera_gatewayMatch15.2

oracle primavera_gatewayMatch16.2

oracle primavera_gatewayMatch17.12

oracle retail_back_officeMatch14.0

oracle retail_back_officeMatch14.1

oracle retail_central_officeMatch14.0

oracle retail_central_officeMatch14.1

oracle retail_customer_insightsMatch15.0

oracle retail_customer_insightsMatch16.0

oracle retail_integration_busMatch14.0.1

oracle retail_integration_busMatch14.0.2

oracle retail_integration_busMatch14.0.3

oracle retail_integration_busMatch14.0.4

oracle retail_integration_busMatch14.1.1

oracle retail_integration_busMatch14.1.2

oracle retail_integration_busMatch14.1.3

oracle retail_integration_busMatch15.0.0.1

oracle retail_integration_busMatch15.0.1

oracle retail_integration_busMatch15.0.2

oracle retail_integration_busMatch16.0

oracle retail_integration_busMatch16.0.1

oracle retail_integration_busMatch16.0.2

oracle retail_open_commerce_platformMatch5.3.0

oracle retail_open_commerce_platformMatch6.0.0

oracle retail_open_commerce_platformMatch6.0.1

oracle retail_order_brokerMatch5.1

oracle retail_order_brokerMatch5.2

oracle retail_order_brokerMatch15.0

oracle retail_order_brokerMatch16.0

oracle retail_point-of-saleMatch14.0

oracle retail_point-of-saleMatch14.1

oracle retail_predictive_application_serverMatch14.0

oracle retail_predictive_application_serverMatch14.1

oracle retail_predictive_application_serverMatch15.0

oracle retail_predictive_application_serverMatch16.0

oracle retail_returns_managementMatch14.0

oracle retail_returns_managementMatch14.1

oracle service_architecture_leveraging_tuxedoMatch12.1.3.0.0

oracle service_architecture_leveraging_tuxedoMatch12.2.2.0.0

oracle tape_library_acslsMatch8.4

[
  {
    "product": "Spring Framework",
    "vendor": "Spring by Pivotal",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 5.0.5 and 4.3.15"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2018:2669
oracle	www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
oracle	www.oracle.com/security-alerts/cpuoct2021.html
access	www.access.redhat.com/errata/RHSA-2018:1320
oracle	www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
pivotal	www.pivotal.io/security/cve-2018-1272
oracle	www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
oracle	www.oracle.com/security-alerts/cpujul2020.html
securityfocus	www.securityfocus.com/bid/103697
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Apr 2018 13:29Current

8.3High risk

Vulners AI Score8.3

CVSS26

CVSS37.5

EPSS0.02197