Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2018:1320
HistoryMay 03, 2018 - 5:05 p.m.

(RHSA-2018:1320) Critical: Red Hat OpenShift Application Runtimes security and bug fix update

2018-05-0317:05:40
access.redhat.com
40

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.848 High

EPSS

Percentile

98.5%

JSON

Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.

Security Fix(es):

  • spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)

  • spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)

  • tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)

  • tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)

  • spring-framework: Multipart content pollution (CVE-2018-1272)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Related

thn 1
f5 3
veracode 6
debiancve 6
redhatcve 6
osv 17
cve 6
github 6
checkpoint_advisories 2
ubuntucve 6
prion 6
nessus 35
fedora 2
debian 6
ibm 22
kaspersky 1
tomcat 4
openvas 19
freebsd 1
amazon 3
redhat 10
atlassian 3
mageia 1
centos 1
seebug 2
zdt 1
packetstorm 1
oraclelinux 1
exploitdb 1
nuclei 1
dsquare 1
ubuntu 1
checkpoint_security 1
symantec 1
oracle 8
thn
thn
Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now
2018-04-06 07:58:00
f5
f5
K29042031 : Multiple Spring Framework vulnerabilities
2018-04-07 00:00:00
K32051722 : Apache Tomcat vulnerability CVE-2018-1305
2018-03-12 00:00:00
K04623854 : Apache Tomcat vulnerability CVE-2018-1304
2018-03-12 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-04-10 05:18:40
Privilege Escalation Through Multipart Content Pollution
2018-04-06 02:06:57
Remote Code Execution (RCE)
2018-04-06 01:07:42
debiancve
debiancve
CVE-2018-1275
2018-04-11 13:29:00
CVE-2018-1272
2018-04-06 13:29:00
CVE-2018-1270
2018-04-06 13:29:00
redhatcve
redhatcve
CVE-2018-1275
2018-04-09 20:20:44
CVE-2018-1272
2019-10-08 03:56:58
CVE-2018-1270
2018-04-06 08:18:54
osv
osv
Improperly Implemented Security Check for Standard in org.springframework:spring-core
2018-10-17 20:28:00
CVE-2018-1275
2018-04-11 13:29:00
tomcat7 - security update
2018-03-06 00:00:00
cve
cve
CVE-2018-1275
2018-04-11 13:29:00
CVE-2018-1272
2018-04-06 13:29:00
CVE-2018-1270
2018-04-06 13:29:00
github
github
Improperly Implemented Security Check for Standard in org.springframework:spring-core
2018-10-17 20:28:00
Possible privilege escalation in org.springframework:spring-core
2018-10-17 20:27:47
Spring Framework allows applications to expose STOMP over WebSocket endpoints
2018-10-17 20:05:59
checkpoint_advisories
checkpoint_advisories
VMware Spring Framework Remote Code Execution (CVE-2018-1270; CVE-2018-1275)
2018-04-12 00:00:00
Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)
2019-02-19 00:00:00
ubuntucve
ubuntucve
CVE-2018-1275
2018-04-11 00:00:00
CVE-2018-1272
2018-04-06 00:00:00
CVE-2018-1270
2018-04-06 00:00:00
prion
prion
Remote code execution
2018-04-11 13:29:00
Input validation
2018-04-06 13:29:00
Remote code execution
2018-04-06 13:29:00
nessus
nessus
Apache Tomcat 8.5.x < 8.5.28 Security Constraint Weakness
2018-02-23 00:00:00
Debian DLA-1301-1 : tomcat7 security update
2018-03-07 00:00:00
Apache Tomcat 9.0.0.M1 < 9.0.5 Insecure CGI Servlet Search Algorithm Description Weakness
2018-02-23 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: tomcat-8.0.50-1.fc26
2018-04-04 16:47:53
[SECURITY] Fedora 27 Update: tomcat-8.0.50-1.fc27
2018-04-04 17:10:49
debian
debian
[SECURITY] [DLA 1450-1] tomcat8 security update
2018-07-29 11:57:59
[SECURITY] [DLA 1301-1] tomcat7 security update
2018-03-06 13:24:42
[SECURITY] [DSA 4281-1] tomcat8 security update
2018-08-29 06:29:28
ibm
ibm
Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities
2018-06-22 03:56:40
Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)
2019-02-06 22:45:01
Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat (CVE-2018-1304 and CVE-2018-1305)
2020-04-20 14:40:53
kaspersky
kaspersky
KLA11203 Multiple vulnerabilities in Apache Tomcat
2018-02-13 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.5.28
2018-02-11 00:00:00
Fixed in Apache Tomcat 7.0.85
2018-02-13 00:00:00
Fixed in Apache Tomcat 9.0.5
2018-02-11 00:00:00
openvas
openvas
Fedora Update for tomcat FEDORA-2018-50f0da5d38
2018-04-06 00:00:00
Debian: Security Advisory (DLA-1301-1)
2018-03-26 00:00:00
Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities - Linux
2018-02-26 00:00:00
freebsd
freebsd
tomcat -- Security constraints ignored or applied too late
2018-02-23 00:00:00
amazon
amazon
Medium: tomcat7, tomcat8
2018-03-21 22:06:00
Medium: tomcat80
2018-03-21 22:08:00
Important: tomcat
2020-03-09 19:23:00
redhat
redhat
(RHSA-2018:2939) Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
2018-10-17 19:27:11
(RHSA-2019:2205) Moderate: tomcat security, bug fix, and enhancement update
2019-08-06 08:13:03
(RHSA-2018:0466) Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update
2018-03-07 15:08:21
atlassian
atlassian
Insecure version of Spring Web MVC used in Confluence Analytics
2020-02-19 22:31:10
Update bundled Apache Tomcat due to security vulnerabilities
2017-04-17 08:48:35
Update bundled Apache Tomcat due to security vulnerabilities
2017-04-17 08:48:35
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2018-02-28 16:55:21
centos
centos
tomcat security update
2019-08-30 04:27:31
seebug
seebug
spring-messaging Remote Code Execution(CVE-2018-1270)
2018-04-08 00:00:00
Apache Tomcat Security Bypass Vulnerability(CVE-2018-1305)
2018-02-27 00:00:00
zdt
zdt
Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit
2018-05-29 00:00:00
packetstorm
packetstorm
Pivotal Spring Java Framework 5.0.x Remote Code Execution
2018-05-29 00:00:00
oraclelinux
oraclelinux
tomcat security, bug fix, and enhancement update
2019-08-13 00:00:00
exploitdb
exploitdb
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
2018-05-29 00:00:00
nuclei
nuclei
Spring MVC Framework - Local File Inclusion
2020-06-03 00:53:25
dsquare
dsquare
Spring MVC File Disclosure
2018-12-28 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2018-05-30 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950
2022-03-30 21:41:02
symantec
symantec
Apache Tomcat Vulnerabilities Jan-Aug 2018
2018-10-11 08:01:01
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
CPU July 2018
2018-07-17 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.848 High

EPSS

Percentile

98.5%

JSON
Related for RHSA-2018:1320
thn1f53veracode6debiancve6redhatcve6osv17cve6github6checkpoint_advisories2ubuntucve6prion6nessus35fedora2debian6ibm22kaspersky1tomcat4openvas19freebsd1amazon3redhat10atlassian3mageia1centos1seebug2zdt1packetstorm1oraclelinux1exploitdb1nuclei1dsquare1ubuntu1checkpoint_security1symantec1oracle8