Lucene search
K

18 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:57 p.m.299 views

K29042031: Multiple Spring Framework vulnerabilities

Security Advisory Description On April 5th, 2018, three new vulnerabilities were published in the popular Java web framework called Spring. Details on these vulnerabilities and exploit code are not yet available, and mitigation details may change if and when the exploit code is available. You can...

9.8CVSS8.8AI score0.95649EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2021/04/27 12:0 a.m.87 views

Debian DLA-2635-1 : libspring-java security update

Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform XST attack, issue unauthorized cross-domain requests or cause a DoS denial of service in specific configurations. CVE-2018-1270 Spring Framework allows...

9.8CVSS7.7AI score0.77245EPSS
Exploits5References7
OpenVAS
OpenVAS
added 2021/04/24 12:0 a.m.37 views

Debian: Security Advisory (DLA-2635-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.77245EPSS
Exploits5References4
Debian
Debian
added 2021/04/23 6:29 p.m.151 views

[SECURITY] [DLA 2635-1] libspring-java security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2635-1 [email protected] https://www.debian.org/lts/security/ April 23, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...

9.8CVSS9.6AI score0.77245EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2019/10/02 12:0 a.m.390 views

Spring Framework < 4.3.16 / 5.0.x < 5.0.5 Remote Code Execution with spring-messaging (CVE-2018-1270)

The remote host contains a Spring Framework library version that is 4.3.x prior to 4.3.16 or 5.0.x prior to 5.0.5. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, by sending a special craft message to the broker that can...

9.8CVSS8.7AI score0.77245EPSS
Exploits5References2
Check Point Advisories
Check Point Advisories
added 2019/02/19 12:0 a.m.11 views

Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)

A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously...

7.5CVSS2.6AI score0.77245EPSS
Exploits5
Github Security Blog
Github Security Blog
added 2018/10/17 8:28 p.m.54 views

Spring Framework has Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.4AI score0.77245EPSS
Exploits5References18Affected Software1
RedHat Linux
RedHat Linux
added 2018/10/17 7:28 p.m.205 views

Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update

An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS7.7AI score0.99988EPSS
Exploits54References10
Packet Storm
Packet Storm
added 2018/05/29 12:0 a.m.84 views

Pivotal Spring Java Framework 5.0.x Remote Code Execution

Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector"...

7.5CVSS0.7AI score0.77245EPSS
Exploits5
0day.today
0day.today
added 2018/05/29 12:0 a.m.95 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting...

7.5CVSS0.7AI score0.77245EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2018/05/03 5:6 p.m.84 views

Critical: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.9AI score0.77245EPSS
Exploits8References8
Check Point Advisories
Check Point Advisories
added 2018/04/12 12:0 a.m.7 views

VMware Spring Framework Remote Code Execution (CVE-2018-1270; CVE-2018-1275)

A remote code execution vulnerability exists in VMware Spring Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.4AI score0.77245EPSS
Exploits5
Veracode
Veracode
added 2018/04/10 5:18 a.m.33 views

Remote Code Execution (RCE)

spring-messaging is susceptible to remote code execution RCE attack. The vulnerability exists due to incomplete fix of CVE-2018-1270 for 4.3.x branch...

9.8CVSS9.7AI score0.77245EPSS
Exploits5References20Affected Software3
seebug.org
seebug.org
added 2018/04/08 12:0 a.m.857 views

spring-messaging Remote Code Execution(CVE-2018-1270)

漏洞公告 2018年4月5日漏洞公布: https://pivotal.io/security/cve-2018-1270 漏洞影响版本: Spring Framework 5.0 to 5.0.4 Spring Framework 4.3 to 4.3.14 Older unsupported versions are also affected 环境搭建 利用官方示例 https://github.com/spring-guides/gs-messaging-stomp-websocket ,git clone后checkout到未更新版本: git clone...

7.5CVSS0.77245EPSS
Exploits5
UbuntuCve
UbuntuCve
added 2018/04/06 1:29 p.m.66 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS7.6AI score0.77245EPSS
Exploits5References3
Cvelist
Cvelist
added 2018/04/06 1:0 p.m.47 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.6AI score0.77245EPSS
Exploits5References16
CVE
CVE
added 2018/04/06 1:0 p.m.277 views

CVE-2018-1270

Summary: CVE-2018-1270 affects Spring Framework versions 5.0.x before 5.0.5 and 4.3.x before 4.3.15 (and older unsupported) via the spring-messaging module, which can expose STOMP over WebSocket endpoints to a simple in-memory broker. A malicious actor can craft a message to the broker that leads...

9.8CVSS9.4AI score0.77245EPSS
Exploits5References16Affected Software1
RedhatCVE
RedhatCVE
added 2018/04/06 8:18 a.m.57 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS5.6AI score0.77245EPSS
Exploits5References2
Rows per page
Query Builder