Lucene search

CVE-2018-1199

🗓️ 16 Mar 2018 20:00:29Reported by [email protected]Type

Spring Security doesn't consider URL path parameters when processing security constraints, allowing bypass via special encodings

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 18
Cvelist	CVE-2018-1199	16 Mar 201820:00	–	cvelist
RedhatCVE	CVE-2018-1199	5 Feb 201811:49	–	redhatcve
Veracode	Security Constraint Bypass	31 Jan 201803:11	–	veracode
Veracode	Directory Traversal	6 Apr 201801:47	–	veracode
OSV	CVE-2018-1199	16 Mar 201820:29	–	osv
OSV	Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core	17 Oct 201820:01	–	osv
UbuntuCve	CVE-2018-1199	16 Mar 201800:00	–	ubuntucve
Github Security Blog	Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core	17 Oct 201820:01	–	github
Prion	Security feature bypass	16 Mar 201820:29	–	prion
CVE	CVE-2018-1199	16 Mar 201820:29	–	cve

Nvd

Node

vmware spring_frameworkRange4.3.0–4.3.14

vmware spring_frameworkRange5.0.0–5.0.3

vmware spring_securityRange4.1.0–4.1.5

vmware spring_securityRange4.2.0–4.2.4

vmware spring_securityRange5.0.0–5.0.1

Node

redhat fuseMatch1.0

Node

oracle rapid_planningMatch12.1

oracle rapid_planningMatch12.2

oracle retail_xstore_point_of_serviceMatch7.1

Source	Link
access	www.access.redhat.com/errata/RHSA-2018:2405
lists	www.lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E
pivotal	www.pivotal.io/security/cve-2018-1199
oracle	www.oracle.com/security-alerts/cpujul2020.html
lists	www.lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E
lists	www.lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Mar 2018 20:29Current

6.2Medium risk

Vulners AI Score6.2

CVSS25

CVSS35.3

EPSS0.01436

CWE-20