Lucene search
K

146 matches found

OSV
OSV
added 2018/10/17 8:28 p.m.56 views

GHSA-3RMV-2PG5-XVQJ Spring Framework has Improperly Implemented Security Check for Standard

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.4AI score0.57632EPSS
Exploits0References18
Github Security Blog
Github Security Blog
added 2018/10/17 8:5 p.m.62 views

Spring Framework allows applications to expose STOMP over WebSocket endpoints

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.6AI score0.77245EPSS
Exploits5References20Affected Software1
OSV
OSV
added 2018/10/17 8:5 p.m.290 views

GHSA-P5HG-3XM3-GCJG Spring Framework allows applications to expose STOMP over WebSocket endpoints

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.6AI score0.77245EPSS
Exploits5References20
Github Security Blog
Github Security Blog
added 2018/10/17 8:2 p.m.63 views

Denial of Service in org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS5.4AI score0.03279EPSS
Exploits0References15Affected Software1
OSV
OSV
added 2018/10/17 8:2 p.m.29 views

GHSA-RCPF-VJ53-7H2M Denial of Service in org.springframework:spring-core

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.6AI score0.03279EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2018/10/17 7:28 p.m.3 views

spring-framework: Address partial fix for CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS8AI score0.77245EPSS
Exploits5References4
BDU FSTEC
BDU FSTEC
added 2018/08/03 12:0 a.m.12 views

The vulnerability of the spring-messaging module in the Spring Framework software platform allows a hacker to gain full control over the application.

The vulnerability of the spring-messaging module in the Spring Framework is caused by errors in the handling of STOMP messages. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain full control over the application through a specially crafted message...

9.8CVSS7.2AI score0.57632EPSS
Exploits0References7Affected Software12
RedHat Linux
RedHat Linux
added 2018/06/07 8:25 a.m.2 views

spring-framework: ReDoS Attack with spring-messaging

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS7.2AI score0.03279EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2018/05/29 12:0 a.m.83 views

Pivotal Spring Java Framework 5.0.x Remote Code Execution

Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector"...

7.5CVSS0.7AI score0.77245EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.222 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution

Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector" header, we can...

9.8CVSS0.4AI score0.77245EPSS
Exploits5
0day.today
0day.today
added 2018/05/29 12:0 a.m.95 views

Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting...

7.5CVSS0.7AI score0.77245EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2018/05/15 10:19 p.m.26 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS5.2AI score0.03279EPSS
Exploits0References1
Prion
Prion
added 2018/05/11 8:29 p.m.20 views

Code injection

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

4CVSS7.5AI score0.03279EPSS
Exploits0References11Affected Software29
NVD
NVD
added 2018/05/11 8:29 p.m.28 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.5AI score0.03279EPSS
Exploits0References11
OSV
OSV
added 2018/05/11 8:29 p.m.22 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.6AI score0.03279EPSS
Exploits0References11
OSV
OSV
added 2018/05/11 8:29 p.m.3 views

UBUNTU-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.7AI score0.03279EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/05/11 8:29 p.m.31 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.8AI score0.03279EPSS
Exploits0References2
OSV
OSV
added 2018/05/11 8:29 p.m.3 views

DEBIAN-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

6.5CVSS6.7AI score0.03279EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/11 8:0 p.m.42 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

7.6AI score0.03279EPSS
Exploits0References11
CVE
CVE
added 2018/05/11 8:0 p.m.143 views

CVE-2018-1257

CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...

6.5CVSS7AI score0.03279EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder