Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-11039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request...

5.9CVSS6.2AI score0.02781EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/04/27 12:0 a.m.88 views

Debian DLA-2635-1 : libspring-java security update

Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform XST attack, issue unauthorized cross-domain requests or cause a DoS denial of service in specific configurations. CVE-2018-1270 Spring Framework allows...

9.8CVSS7.7AI score0.77245EPSS
Exploits5References7
OpenVAS
OpenVAS
added 2021/04/24 12:0 a.m.37 views

Debian: Security Advisory (DLA-2635-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.77245EPSS
Exploits5References4
Debian
Debian
added 2021/04/23 6:29 p.m.151 views

[SECURITY] [DLA 2635-1] libspring-java security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2635-1 [email protected] https://www.debian.org/lts/security/ April 23, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...

9.8CVSS9.6AI score0.77245EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2018/10/18 12:0 a.m.57 views

Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (October 2018 CPU)

According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management EPPM installation running on the remote web server is 8.4 prior to 8.4.15.7, 15.x prior to 15.2.18.2, 16.x prior to 16.2.16.1, 17.x prior to 17.12.9.0, or 18.x prior to 18.8.2.1. It is,...

6.1CVSS6.4AI score0.02781EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2018/10/16 5:35 p.m.4 views

ai.foremast.metrics:foremast-spring-4x-k8s-metrics (>=0.1.6 <=0.2.0), at.porscheinformatik.zanata:zanata-spring (>=1.0.0.RELEASE <=1.1.0.RELEASE) +2978 more potentially affected by CVE-2018-11039 via org.springframework:spring-web (>=4.3.0.RELEASE <=4.3.17.RELEASE)

org.springframework:spring-web MAVEN version =4.3.0.RELEASE, =0.1.6, =1.0.0.RELEASE, =1.6, =1.6, =1.0.10, =0.2.13, =0.2.13, =0.2.13, =0.7, =1.7.2, =1.1.3, =1.1.7 - ch.rasc:wampspring =1.1.2 - ch.rasc:wampspring-security =1.1.2 - ch.rasc:wampspring-session =1.1.2 and more Source cves: CVE-2018-110...

5.9CVSS6.7AI score0.02781EPSS
Exploits0
NVD
NVD
added 2018/06/25 3:29 p.m.31 views

CVE-2018-11039

Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

5.9CVSS6.5AI score0.02781EPSS
Exploits0References10
OSV
OSV
added 2018/06/25 3:29 p.m.28 views

CVE-2018-11039

Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

5.9CVSS5.8AI score0.02781EPSS
Exploits0References10
CVE
CVE
added 2018/06/25 3:0 p.m.182 views

CVE-2018-11039

CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...

5.9CVSS6.9AI score0.02781EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2018/06/25 3:0 p.m.44 views

CVE-2018-11039

Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

7.3AI score0.02781EPSS
Exploits0References10
Rows per page
Query Builder