10 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-11039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request...
Debian DLA-2635-1 : libspring-java security update
Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform XST attack, issue unauthorized cross-domain requests or cause a DoS denial of service in specific configurations. CVE-2018-1270 Spring Framework allows...
Debian: Security Advisory (DLA-2635-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2635-1] libspring-java security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2635-1 [email protected] https://www.debian.org/lts/security/ April 23, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...
Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (October 2018 CPU)
According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management EPPM installation running on the remote web server is 8.4 prior to 8.4.15.7, 15.x prior to 15.2.18.2, 16.x prior to 16.2.16.1, 17.x prior to 17.12.9.0, or 18.x prior to 18.8.2.1. It is,...
ai.foremast.metrics:foremast-spring-4x-k8s-metrics (>=0.1.6 <=0.2.0), at.porscheinformatik.zanata:zanata-spring (>=1.0.0.RELEASE <=1.1.0.RELEASE) +2978 more potentially affected by CVE-2018-11039 via org.springframework:spring-web (>=4.3.0.RELEASE <=4.3.17.RELEASE)
org.springframework:spring-web MAVEN version =4.3.0.RELEASE, =0.1.6, =1.0.0.RELEASE, =1.6, =1.6, =1.0.10, =0.2.13, =0.2.13, =0.2.13, =0.7, =1.7.2, =1.1.3, =1.1.7 - ch.rasc:wampspring =1.1.2 - ch.rasc:wampspring-security =1.1.2 - ch.rasc:wampspring-session =1.1.2 and more Source cves: CVE-2018-110...
CVE-2018-11039
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...
CVE-2018-11039
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...
CVE-2018-11039
CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...
CVE-2018-11039
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...