Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-1274
HistoryApr 18, 2018 - 4:29 p.m.

CVE-2018-1274

2018-04-1816:29:00
CWE-770
[email protected]
web.nvd.nist.gov
8

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

74.3%

JSON

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).

Affected configurations

Nvd
Node
pivotal_softwarespring_data_commonsRange1.131.13.10
OR
pivotal_softwarespring_data_commonsRange2.02.0.5
Node
pivotal_softwarespring_data_restRange2.62.6.10
OR
pivotal_softwarespring_data_restRange3.03.0.5
VendorProductVersionCPE
pivotal_softwarespring_data_commons*cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
pivotal_softwarespring_data_rest*cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*

Related

prion 1
cve 1
osv 2
github 1
veracode 1
redhatcve 1
cvelist 1
f5 1
oracle 1
prion
prion
Path traversal
2018-04-18 16:29:00
cve
cve
CVE-2018-1274
2018-04-18 16:29:00
osv
osv
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
2018-10-17 17:23:44
CVE-2018-1274
2018-04-18 16:29:00
github
github
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
2018-10-17 17:23:44
veracode
veracode
Denial Of Service (DoS)
2018-04-11 00:27:25
redhatcve
redhatcve
CVE-2018-1274
2018-04-11 05:19:57
cvelist
cvelist
CVE-2018-1274
2018-04-18 16:00:00
f5
f5
K29042031 : Multiple Spring Framework vulnerabilities
2018-04-07 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

74.3%

JSON
Related for NVD:CVE-2018-1274
prion1cve1osv2github1veracode1redhatcve1cvelist1f51oracle1