PT-2018-3861 · Tibco +1 · Tibco Jasperreports Server +5

Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions up to and including 6.4.2 TIBCO JasperReports Server Community Edition versions up to and including 6.4.2 TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.2 TIBCO Jaspersoft...

Threatpost RSA Conference 2018 Preview

The RSA Conference 2018 kicks off this week in San Francisco, drawing attendees from around the world eager to learn more about the latest threats, vulnerabilities, and security products and tools for the coming year. This year’s conference has more than 650 exhibitors and 550 sessions covering...

Pivotal Spring Framework Remote Elevation of Privilege Vulnerability

Pivotal Spring Framework is the U.S. Pivotal Software, Inc. of a set of open source Java, Java EE application framework. A remote elevation of privilege vulnerability exists in Pivotal Spring Framework. An attacker can exploit to gain elevated privileges. A failed exploit attempt could result in ...

Spring Data Commons Denial of Service Vulnerability

Spring Data is a project module in the Spring Framework that provides access to the underlying data , Spring Data Commons is a shared base module . A denial of service vulnerability exists in Spring Data Commons. Because the Spring Data Commons module does not limit resource allocation when parsi...

VMware Spring Framework Remote Code Execution (CVE-2018-1270; CVE-2018-1275)

A remote code execution vulnerability exists in VMware Spring Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Spring Data Commons Remote Code Execution Vulnerability

Spring Data is a project module in the Spring Framework that provides access to the underlying data , Spring Data Commons is a shared base module . A remote code execution vulnerability exists in Spring Data Commons. The vulnerability is due to the Spring Data Commons module using SpEl expression...

Pivotal Spring Framework Directory Traversal Vulnerability

Pivotal Spring Framework is the U.S. Pivotal Software, Inc. of a set of open source Java, Java EE application framework. A directory traversal vulnerability exists in Pivotal Spring Framework. A remote attacker can use the directory traversal character "..." to access an arbitrary file that...

Spring Framework Spring-messaging Remote Code Execution Vulnerability

Spring Framework is the U.S. Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A remote code execution vulnerability exists in Spring Framework Spring-messaging. An attacker can exploit the vulnerability to...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

Remote code execution

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

Design/Logic Flaw

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVE-2018-1273

CVE-2018-1273 is a remote code execution vulnerability in Spring Data Commons (affecting versions prior to 1.13.10 and 2.0–2.0.5, plus older unsupported builds). An unauthenticated attacker could supply crafted request parameters against Spring Data REST HTTP resources or via Spring Data projecti...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2018-1275

CVE-2018-1275 affects Spring Framework’s spring-messaging module: STOMP over WebSocket exposure in 5.0.x (pre-5.0.5) and 4.3.x (pre-4.3.16). A malicious message to the in‑memory STOMP broker can lead to remote code execution. Public advisories note fixes in respective branches; for Debian 9, libs...

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVE-2018-1275

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...