Lucene search
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SPRING_CVE-2018-1271.NASLHistoryDec 21, 2018 - 12:00 a.m.
Spring Framework 4.3.x < 4.3.15 / 5.0.x < 5.0.5 Windows Directory Traversal Vulnerability (CVE-2018-1271)
2018-12-2100:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
51
The remote Windows host contains a Spring Framework library version that is 4.3.x prior to 4.3.15 or 5.0.x prior to 5.0.5. It is, therefore, affected by a directory traversal vulnerability. An unauthenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server’s restricted path.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(119846);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2018-1271");
script_name(english:"Spring Framework 4.3.x < 4.3.15 / 5.0.x < 5.0.5 Windows Directory Traversal Vulnerability (CVE-2018-1271)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a web application framework library that is
affected by a directory traversal vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Windows host contains a Spring Framework library version
that is 4.3.x prior to 4.3.15 or 5.0.x prior to 5.0.5. It is,
therefore, affected by a directory traversal vulnerability. An
unauthenticated, remote attacker can exploit this, by sending a URI
that contains directory traversal characters, to disclose the
contents of files located outside of the server's restricted path.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://pivotal.io/security/cve-2018-1271");
script_set_attribute(attribute:"solution", value:
"Upgrade to Spring Framework version 4.3.15 or 5.0.5 or later.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1271");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"d2_elliot_name", value:"Spring MVC File Disclosure");
script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/05");
script_set_attribute(attribute:"patch_publication_date", value:"2018/04/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/21");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:pivotal_software:spring_framework");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("os_fingerprint.nasl", "jar_detect_win.nbin");
script_require_keys("installed_sw/Pivotal Software Spring Framework", "Settings/ParanoidReport");
exit(0);
}
include("vcf.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
app = "Pivotal Software Spring Framework";
get_install_count(app_name:app, exit_if_zero:TRUE);
# only Windows is affected
os = get_kb_item_or_exit("Host/OS");
if ('windows' >!< tolower(os))
audit(AUDIT_OS_NOT, "Windows");
app_info = vcf::get_app_info(app:app, win_local:TRUE);
constraints = [
{ "min_version":"4.3", "fixed_version":"4.3.15" },
{ "min_version":"5.0", "fixed_version":"5.0.5" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pivotal_software | spring_framework | cpe:/a:pivotal_software:spring_framework |
Related
osv
osv
CVE-2018-1271
2018-04-06 13:29:00
Path Traversal in org.springframework:spring-core
2018-10-17 20:07:03
cve
cve
CVE-2018-1271
2018-04-06 13:29:00
ubuntucve
ubuntucve
CVE-2018-1271
2018-04-06 00:00:00
nuclei
nuclei
Spring MVC Framework - Local File Inclusion
2020-06-03 00:53:25
prion
prion
Directory traversal
2018-04-06 13:29:00
redhatcve
redhatcve
CVE-2018-1271
2018-04-24 02:48:44
debiancve
debiancve
CVE-2018-1271
2018-04-06 13:29:00
github
github
Path Traversal in org.springframework:spring-core
2018-10-17 20:07:03
dsquare
dsquare
Spring MVC File Disclosure
2018-12-28 00:00:00
veracode
veracode
Directory Traversal
2018-04-06 01:47:14
thn
thn
atlassian
atlassian
Insecure version of Spring Web MVC used in Confluence Analytics
2020-02-19 22:31:10
f5
f5
K29042031 : Multiple Spring Framework vulnerabilities
2018-04-07 00:00:00
redhat
redhat
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
Related for SPRING_CVE-2018-1271.NASL