Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2018-1257HistoryMay 11, 2018 - 8:29 p.m.
CVE-2018-1257
2018-05-1120:29:00
Debian Security Bug Tracker
security-tracker.debian.org
9
0.002 Low
EPSS
Percentile
51.0%
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libspring-java | < 4.3.19-1 | libspring-java_4.3.19-1_all.deb |
| Debian | 11 | all | libspring-java | < 4.3.19-1 | libspring-java_4.3.19-1_all.deb |
| Debian | 10 | all | libspring-java | < 4.3.19-1 | libspring-java_4.3.19-1_all.deb |
| Debian | 999 | all | libspring-java | < 4.3.19-1 | libspring-java_4.3.19-1_all.deb |
| Debian | 13 | all | libspring-java | < 4.3.19-1 | libspring-java_4.3.19-1_all.deb |
Related
osv
osv
Denial of Service in org.springframework:spring-core
2018-10-17 20:02:20
CVE-2018-1257
2018-05-11 20:29:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2018-05-10 07:02:28
redhatcve
redhatcve
CVE-2018-1257
2018-05-15 22:19:45
github
github
Denial of Service in org.springframework:spring-core
2018-10-17 20:02:20
cve
cve
CVE-2018-1257
2018-05-11 20:29:00
prion
prion
Code injection
2018-05-11 20:29:00
ubuntucve
ubuntucve
CVE-2018-1257
2018-05-11 00:00:00
f5
f5
K31022653 : Spring Framework vulnerability CVE-2018-1257
2018-05-24 00:00:00
redhat
redhat
ibm
ibm
nessus
nessus
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
2019-04-18 00:00:00
Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
2019-05-15 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00