CVE-2018-1261
Spring-integration-zip versions prior to 1.0.1 expose an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to th...
CVE-2018-1258
CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...
CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...
CVE-2018-1261
The CVE-2018-1261 entry concerns spring-integration-zip. Affected component: spring-integration-zip prior to version 1.0.1. Vulnerability: arbitrary file write via path traversal in zip archives (including nested formats like zip, tar, 7z, etc.) when a crafted filename is concatenated to the targ...
CVE-2018-1257
CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...
CVE-2018-1260
CVE-2018-1260 concerns Spring Security OAuth; remote code execution is possible in affected releases. The vulnerability affects Spring Security OAuth versions prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, and 2.0 prior to 2.0.15 and older unsupported versions. A malicious user can craft...
CVE-2018-1257
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
CVE-2018-1259
CVE-2018-1259 involves Spring Data Commons (versions 1.13 before 1.13.12 and 2.0 before 2.0.7) used with XMLBeam 1.4.14 or earlier. The vulnerability is due to improper restriction of XML external entity references, causing an XMLBeam-based property binder to be vulnerable to an XXE attack. An un...
Spring Security OAuth Remote Command Execution Vulnerability (CNVD-2018-09368)
Spring is a lightweight Java development framework. Security OAuth provides a Spring Security authorization filter. A remote command execution vulnerability exists in Spring Security OAuth. A malicious user or attacker can make an authorization request to an authorization endpoint that results i...
RCE with spring-security-oauth2 Analysis (CVE-2018-1260)
Vulnerability advisory. Environment setup. Use an existing demo on GitHub: git clone https://github.com/wanghongfei/spring-security-oauth2-example.git Make sure the imported spring-security-oauth2 is an affected version, 2.0.10 in this example. Enter spring-security-oauth2-example and modify line 67 of cn/com/sina/alan/oauth/config/OAuthSecurityConfig.java: @Override public void...
XML External Entity (XXE)
spring-data-commons is vulnerable to XML external entity (XXE) attacks. The application does not explicitly disable document type declarations by default, allowing a malicious user to pass an XML file that can lead to information disclosure...
Unauthorised Access Through Method Security
spring-security-config is vulnerable to unauthorized access through method security. It is possible because it does not check that authenticated users hold the required authority to access the methods...
Regular Expression Denial Of Service (ReDoS)
spring-messaging is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a message to an in-memory STOMP broker that can cause a ReDoS...
Remote Code Execution (RCE)
spring-security-oauth2 is vulnerable to remote code execution (RCE) attacks. The vulnerability occurs when a malicious user can insert an RCE payload into an authorization request to the authorization endpoint, and is executed when the resource owner is forwarded to the approval endpoint. This...
Arbitrary File Write
spring-integration-zip is vulnerable to arbitrary file write attacks. The vulnerability exists due to the lack of sanitization of the filename, allowing path-traversal filenames to exist and write to arbitrary file locations during the unzipping process...
Pivotal Spring Cloud SSO Connector Authentication Vulnerability
Pivotal Spring Cloud SSO Connector is a single sign-on connector for Cloud Foundry from Pivotal Software. A security vulnerability exists in Pivotal Spring Cloud SSO Connector version 2.1.2. An attacker can exploit the vulnerability to authenticate to an unbound resource server...
Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability
...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: org.springframework.integration:spring-integration-zip provides Zip uncompression support. Affected versions of the package are vulnerable to Arbitrary File Write via Archive Extraction AKA "Zip Slip". It is exploited using a specially crafted zip archive, that holds path traversal...
Input validation
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...