Lucene search
K

1888 matches found

Check Point Advisories
Check Point Advisories
added 2019/02/19 12:0 a.m.11 views

Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)

A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously...

7.5CVSS2.6AI score0.77245EPSS
Exploits5
BDU FSTEC
BDU FSTEC
added 2019/02/12 12:0 a.m.4 views

The vulnerability of the implementation of the HiddenHttpMethodFilter mechanism in the Spring Framework’s software platform allows a perpetrator to carry out a cross-site scripting attack.

The vulnerability of the HiddenHttpMethodFilter mechanism implemented in the Spring Framework is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the TRACE method...

5.9CVSS6.2AI score0.02781EPSS
Exploits0References9Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/22 4:30 p.m.23 views

Security Bulletin: Vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)

Summary There are a number of potential security vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework, that is used by IBM Tivoli Netcool Configuration Manager ITNCM. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to...

6.8CVSS1.1AI score0.91354EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/12/21 12:0 a.m.73 views

Spring Framework 4.3.x < 4.3.15 / 5.0.x < 5.0.5 Windows Directory Traversal Vulnerability (CVE-2018-1271)

The remote Windows host contains a Spring Framework library version that is 4.3.x prior to 4.3.15 or 5.0.x prior to 5.0.5. It is, therefore, affected by a directory traversal vulnerability. An unauthenticated, remote attacker can exploit this, by sending a URI that contains directory traversal...

5.9CVSS7.7AI score0.35681EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2018/12/04 4:0 p.m.194 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.2 security update

An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS7.6AI score0.21979EPSS
Exploits2References16
RedHat Linux
RedHat Linux
added 2018/12/04 4:0 p.m.3 views

spring-framework: ReDoS Attack with spring-messaging

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS7.2AI score0.03279EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2018/10/25 12:49 p.m.35 views

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS1.4AI score0.09513EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/10/22 12:0 a.m.9 views

Pivotal Spring Framework Cookie Detection

Binary data 700371.prm...

7.3AI score
Exploits0References1
Prion
Prion
added 2018/10/18 10:29 p.m.24 views

Denial of service

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

5CVSS8.1AI score0.09513EPSS
Exploits0References21Affected Software40
UbuntuCve
UbuntuCve
added 2018/10/18 10:29 p.m.33 views

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7.1AI score0.09513EPSS
Exploits0References2
NVD
NVD
added 2018/10/18 10:29 p.m.26 views

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7.3AI score0.09513EPSS
Exploits0References21
OSV
OSV
added 2018/10/18 10:29 p.m.36 views

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7AI score0.09513EPSS
Exploits0References21
OSV
OSV
added 2018/10/18 10:29 p.m.1 views

UBUNTU-CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7.2AI score0.09513EPSS
Exploits0References3
OSV
OSV
added 2018/10/18 10:29 p.m.2 views

DEBIAN-CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS8.6AI score0.09513EPSS
Exploits0References1
CVE
CVE
added 2018/10/18 10:0 p.m.220 views

CVE-2018-15756

CVE-2018-15756 (Spring Framework) affects Spring Web MVC/WebFlux ranges handling: the ResourceHttpRequestHandler, or returning a Resource from an annotated controller, can be abused by a crafted Range header to trigger a denial-of-service. Affected versions include Spring Framework 5.1, 5.0.x bef...

7.5CVSS7.3AI score0.09513EPSS
Exploits0References21Affected Software1
Cvelist
Cvelist
added 2018/10/18 10:0 p.m.29 views

CVE-2018-15756 DoS Attack via Range Requests

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS8.2AI score0.09513EPSS
Exploits0References21
Debian CVE
Debian CVE
added 2018/10/18 10:0 p.m.24 views

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

7.5CVSS7.4AI score0.09513EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/10/17 8:30 p.m.36 views

Spring Security and Spring Framework may not recognize certain paths that should be protected

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x as well as other unsupported versions rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms,...

7.5CVSS3.4AI score0.02837EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2018/10/17 8:30 p.m.28 views

GHSA-8CRV-49FR-2H6J Spring Security and Spring Framework may not recognize certain paths that should be protected

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x as well as other unsupported versions rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms,...

7.5CVSS7.5AI score0.02837EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2018/10/17 8:29 p.m.37 views

Files or Directories Accessible to External Parties in org.springframework:spring-core

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being...

9.6CVSS7.6AI score0.0257EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder