Lucene search
K

6 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.36 views

K31022653: Spring Framework vulnerability CVE-2018-1257

Security Advisory Description Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or...

6.5CVSS6.9AI score0.03279EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/17 8:2 p.m.7 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +21320 more potentially affected by CVE-2018-1257 via org.springframework:spring-core (>=1.2 <=4.3.16.RELEASE)

org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =0.1.6, =0.1.6, =0.1.4-SB1X, =0.1.0, =4.2.1, =4.4.1, =0.1.0, =1.0, =5.0.9, =5.1.0 and more Source cves: CVE-2018-1257 Source advisory: OSV:GHSA-RCPF-VJ53-7H2M...

6.5CVSS6.7AI score0.03279EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/06/07 8:25 a.m.70 views

Important: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS6.8AI score0.08352EPSS
Exploits3References6
OSV
OSV
added 2018/05/11 8:29 p.m.3 views

DEBIAN-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.7AI score0.03279EPSS
Exploits0References1
CVE
CVE
added 2018/05/11 8:0 p.m.143 views

CVE-2018-1257

CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...

6.5CVSS7AI score0.03279EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2018/05/11 8:0 p.m.34 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.7AI score0.03279EPSS
Exploits0
Rows per page
Query Builder