131 matches found
CVE-2022-22971
CVE-2022-22971 affects Spring Framework/Tanzu with a vulnerability in the STOMP over WebSocket endpoint that can allow authenticated users to trigger a denial-of-service. The connected IBM bulletin shows affected IBM Storage Copy Data Management versions (2.2.x) and provides a fixed release path:...
CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
CVE-2022-22971
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
PT-2022-6999 · Unknown +1 · Spring Framework +1
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.20 Spring Framework versions prior to 5.2.22 Spring Framework old unsupported versions Description: The application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an...
Post-Exploitation Framework for Linux Written in Bash: Orc
Orc is a simple post-exploitation written in bash. I wrote this because I myself needed a more featureful post-exploitation toolkit for Linux. It’s part of a larger bundle of scripts and tools, but I’ll add those as I write and re-write them. It takes the form of an ENV script, so load orc into a...
Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)
A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously...
GHSA-3RMV-2PG5-XVQJ Spring Framework has Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
GHSA-P5HG-3XM3-GCJG Spring Framework allows applications to expose STOMP over WebSocket endpoints
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
Denial of Service in org.springframework:spring-core
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
GHSA-RCPF-VJ53-7H2M Denial of Service in org.springframework:spring-core
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
spring-framework: Address partial fix for CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
The vulnerability of the spring-messaging module in the Spring Framework software platform allows a hacker to gain full control over the application.
The vulnerability of the spring-messaging module in the Spring Framework is caused by errors in the handling of STOMP messages. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain full control over the application through a specially crafted message...
spring-framework: ReDoS Attack with spring-messaging
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
Pivotal Spring Java Framework 5.0.x Remote Code Execution
Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector"...
Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit
Exploit for java platform in category web applications Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting...
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector" header, we can...
CVE-2018-1257
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
CVE-2018-1257
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...