Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2635.NASL
HistoryApr 27, 2021 - 12:00 a.m.

Debian DLA-2635-1 : libspring-java security update

2021-04-2700:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36

9.7 High

AI Score

Confidence

Low

JSON

Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform XST attack, issue unauthorized cross-domain requests or cause a DoS (denial of service) in specific configurations.

CVE-2018-1270

Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

CVE-2018-11039

Spring Framework allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

CVE-2018-11040

Spring Framework allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the โ€˜jsonpโ€™ and โ€˜callbackโ€™ JSONP parameters, enabling cross-domain requests.

CVE-2018-15756

Spring Framework provides support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack.

For Debian 9 stretch, these problems have been fixed in version 4.3.5-1+deb9u1.

We recommend that you upgrade your libspring-java packages.

For the detailed security status of libspring-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/libspring-java

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2635-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(149004);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/12");

  script_cve_id("CVE-2018-11039", "CVE-2018-11040", "CVE-2018-1270", "CVE-2018-15756");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Debian DLA-2635-1 : libspring-java security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple vulnerabilities were discovered in libspring-java, a modular
Java/J2EE application framework. An attacker may execute code, perform
XST attack, issue unauthorized cross-domain requests or cause a DoS
(denial of service) in specific configurations.

CVE-2018-1270

Spring Framework allows applications to expose STOMP over WebSocket
endpoints with a simple, in-memory STOMP broker through the
spring-messaging module. A malicious user (or attacker) can craft a
message to the broker that can lead to a remote code execution attack.

CVE-2018-11039

Spring Framework allows web applications to change the HTTP request
method to any HTTP method (including TRACE) using the
HiddenHttpMethodFilter in Spring MVC. If an application has a
pre-existing XSS vulnerability, a malicious user (or attacker) can use
this filter to escalate to an XST (Cross Site Tracing) attack.

CVE-2018-11040

Spring Framework allows web applications to enable cross-domain
requests via JSONP (JSON with Padding) through
AbstractJsonpResponseBodyAdvice for REST controllers and
MappingJackson2JsonView for browser requests. Both are not enabled by
default in Spring Framework nor Spring Boot, however, when
MappingJackson2JsonView is configured in an application, JSONP support
is automatically ready to use through the 'jsonp' and 'callback' JSONP
parameters, enabling cross-domain requests.

CVE-2018-15756

Spring Framework provides support for range requests when serving
static resources through the ResourceHttpRequestHandler, or starting
in 5.0 when an annotated controller returns an
org.springframework.core.io.Resource. A malicious user (or attacker)
can add a range header with a high number of ranges, or with wide
ranges that overlap, or both, for a denial of service attack.

For Debian 9 stretch, these problems have been fixed in version
4.3.5-1+deb9u1.

We recommend that you upgrade your libspring-java packages.

For the detailed security status of libspring-java please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libspring-java

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/libspring-java"
  );
  # https://security-tracker.debian.org/tracker/source-package/libspring-java
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6bb4a348"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1270");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-aop-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-beans-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-context-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-context-support-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-core-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-expression-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-instrument-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-jdbc-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-jms-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-messaging-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-orm-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-oxm-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-test-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-transaction-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-web-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-web-portlet-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libspring-web-servlet-java");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"9.0", prefix:"libspring-aop-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-beans-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-context-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-context-support-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-core-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-expression-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-instrument-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-jdbc-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-jms-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-messaging-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-orm-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-oxm-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-test-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-transaction-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-web-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-web-portlet-java", reference:"4.3.5-1+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libspring-web-servlet-java", reference:"4.3.5-1+deb9u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlibspring-aop-javap-cpe:/a:debian:debian_linux:libspring-aop-java
debiandebian_linuxlibspring-beans-javap-cpe:/a:debian:debian_linux:libspring-beans-java
debiandebian_linuxlibspring-context-javap-cpe:/a:debian:debian_linux:libspring-context-java
debiandebian_linuxlibspring-context-support-javap-cpe:/a:debian:debian_linux:libspring-context-support-java
debiandebian_linuxlibspring-core-javap-cpe:/a:debian:debian_linux:libspring-core-java
debiandebian_linuxlibspring-expression-javap-cpe:/a:debian:debian_linux:libspring-expression-java
debiandebian_linuxlibspring-instrument-javap-cpe:/a:debian:debian_linux:libspring-instrument-java
debiandebian_linuxlibspring-jdbc-javap-cpe:/a:debian:debian_linux:libspring-jdbc-java
debiandebian_linuxlibspring-jms-javap-cpe:/a:debian:debian_linux:libspring-jms-java
debiandebian_linuxlibspring-messaging-javap-cpe:/a:debian:debian_linux:libspring-messaging-java
Rows per page:
1-10 of 181

Related

osv 11
openvas 1
debian 1
ibm 17
symantec 1
nessus 11
debiancve 5
github 5
ubuntucve 5
cve 5
redhatcve 5
prion 5
veracode 5
seebug 1
atlassian 1
checkpoint_advisories 2
zdt 1
packetstorm 1
exploitdb 1
redhat 4
thn 1
f5 1
checkpoint_security 1
pentestpartners 1
oracle 11
osv
osv
libspring-java - security update
2021-04-23 00:00:00
Denial of Service in Spring Framework
2020-06-15 19:34:50
CVE-2018-15756
2018-10-18 22:29:00
openvas
openvas
Debian: Security Advisory (DLA-2635-1)
2021-04-24 00:00:00
debian
debian
[SECURITY] [DLA 2635-1] libspring-java security update
2021-04-23 18:29:29
ibm
ibm
Security Bulletin: Public disclosed vulnerability from Spring Framework affects IBM Spectrum LSF Explorer
2019-02-22 05:15:02
Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability
2019-05-06 17:30:01
Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756)
2019-03-27 18:50:01
symantec
symantec
Spring Framework CVE-2018-15756 Denial-Of-Service Vulnerability
2018-10-16 00:00:00
nessus
nessus
MySQL Enterprise Monitor 4.x < 4.0.10 / 8.x < 8.0.15 DoS (Jul 2019 CPU)
2020-07-24 00:00:00
Oracle GoldenGate for Big Data 12.3.1.1.x < 12.3.1.1.6 / 12.3.2.1.x < 12.3.2.1.5 Spring Framework DoS (Oct 2019 CPU)
2019-10-16 00:00:00
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
2019-04-18 00:00:00
debiancve
debiancve
CVE-2018-15756
2018-10-18 22:29:00
CVE-2018-11040
2018-06-25 15:29:00
CVE-2018-11039
2018-06-25 15:29:00
github
github
Denial of Service in Spring Framework
2020-06-15 19:34:50
Moderate severity vulnerability that affects org.springframework:spring-core
2018-10-16 17:43:45
Spring Framework Cross Site Tracing (XST)
2018-10-16 17:35:54
ubuntucve
ubuntucve
CVE-2018-15756
2018-10-18 00:00:00
CVE-2018-11039
2018-06-25 00:00:00
CVE-2018-11040
2018-06-25 00:00:00
cve
cve
CVE-2018-15756
2018-10-18 22:29:00
CVE-2018-11040
2018-06-25 15:29:00
CVE-2018-11039
2018-06-25 15:29:00
redhatcve
redhatcve
CVE-2018-15756
2018-10-25 12:49:01
CVE-2018-11040
2018-10-17 04:50:03
CVE-2018-11039
2018-10-17 04:49:30
prion
prion
Denial of service
2018-10-18 22:29:00
Cross site scripting
2018-06-25 15:29:00
Cross site scripting
2018-06-25 15:29:00
veracode
veracode
Denial Of Service (DoS)
2018-10-19 02:43:50
Cross-Site Tracing (XST)
2018-06-18 05:37:04
Cross-Domain Request Through Insecure JSONP Defaults
2018-06-18 06:07:22
seebug
seebug
spring-messaging Remote Code Execution(CVE-2018-1270)
2018-04-08 00:00:00
atlassian
atlassian
Insecure version of Spring Web MVC used in Confluence Analytics
2020-02-19 22:31:10
checkpoint_advisories
checkpoint_advisories
Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)
2019-02-19 00:00:00
VMware Spring Framework Remote Code Execution (CVE-2018-1270; CVE-2018-1275)
2018-04-12 00:00:00
zdt
zdt
Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit
2018-05-29 00:00:00
packetstorm
packetstorm
Pivotal Spring Java Framework 5.0.x Remote Code Execution
2018-05-29 00:00:00
exploitdb
exploitdb
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
2018-05-29 00:00:00
redhat
redhat
(RHSA-2020:3133) Important: Red Hat AMQ Broker 7.4.4 release and security update
2020-07-23 15:06:14
(RHSA-2018:1320) Critical: Red Hat OpenShift Application Runtimes security and bug fix update
2018-05-03 17:05:40
(RHSA-2018:2939) Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
2018-10-17 19:27:11
thn
thn
Remote Execution Flaw Threatens Apps Built Using Spring Framework โ€” Patch Now
2018-04-06 07:58:00
f5
f5
K29042031 : Multiple Spring Framework vulnerabilities
2018-04-07 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950
2022-03-30 21:41:02
pentestpartners
pentestpartners
Vulnerabilities that arenโ€™t. Cross Site Tracing / XST
2022-01-25 06:08:46
oracle
oracle
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00

9.7 High

AI Score

Confidence

Low

JSON
Related for DEBIAN_DLA-2635.NASL
osv11openvas1debian1ibm17symantec1nessus11debiancve5github5ubuntucve5cve5redhatcve5prion5veracode5seebug1atlassian1checkpoint_advisories2zdt1packetstorm1exploitdb1redhat4thn1f51checkpoint_security1pentestpartners1oracle11