Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-11039

Published: 25/06/2018 Updated: 23/06/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Vmware

Vulnerability Summary

Spring Framework (versions 5.0.x before 5.0.7, versions 4.3.x before 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware spring framework

oracle retail xstore point of service 7.1

oracle weblogic server 12.1.3.0.0

oracle application testing suite 12.5.0.3

oracle hospitality guest access 4.2.0

oracle hospitality guest access 4.2.1

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.2.1.3.0

oracle enterprise manager ops center 12.3.3

oracle primavera p6 enterprise project portfolio management 18.8

oracle application testing suite 13.1.0.1

oracle application testing suite 13.2.0.1

oracle application testing suite 13.3.0.1

oracle communications diameter signaling router

oracle communications performance intelligence center

oracle communications services gatekeeper

oracle endeca information discovery integrator 3.1.0

oracle endeca information discovery integrator 3.2.0

oracle health sciences information manager 3.0

oracle healthcare master person index 3.0

oracle healthcare master person index 4.0

oracle insurance calculation engine 10.2

oracle insurance rules palette 10.0

oracle insurance rules palette 10.2

oracle retail customer insights 15.0

oracle retail customer insights 16.0

oracle enterprise manager for mysql database 13.2

oracle retail predictive application server 16.0

oracle agile plm 9.3.3

oracle agile plm 9.3.4

oracle agile plm 9.3.5

oracle agile plm 9.3.6

oracle communications network integrity

oracle communications online mediation controller 6.1

oracle communications unified inventory management 7.3.2

oracle communications unified inventory management 7.3.4

oracle communications unified inventory management 7.3.5

oracle communications unified inventory management 7.4.0

oracle enterprise manager base platform 12.1.0.5.0

oracle enterprise manager base platform 13.2.0.0.0

oracle enterprise manager base platform 13.3.0.0.0

oracle insurance calculation engine

oracle micros lucas 2.9.5

oracle mysql enterprise monitor

oracle retail advanced inventory planning 15.0

oracle retail assortment planning 14.1

oracle retail assortment planning 15.0

oracle retail assortment planning 16.0

oracle retail clearance optimization engine 14.0.5

oracle retail financial integration 13.2

oracle retail financial integration 14.0

oracle retail financial integration 14.1

oracle retail financial integration 15.0

oracle retail financial integration 16.0

oracle retail integration bus 14.1.2

oracle retail markdown optimization 13.4.4

oracle retail predictive application server 14.0.3.26

oracle retail predictive application server 14.1.3.37

oracle retail predictive application server 15.0.3..100

oracle utilities network management system 1.12.0.3

debian debian linux 9.0

Github Repositories

https://github.com/alemati/cybersecuritybase-project

cybersecuritybase-project LINK: githubcom/alemati/cybersecuritybase-project Installation: down repository using commad 'git clone githubcom/alemati/cybersecuritybase-project’ open project in your IDE and start the program program will run in localhost:8080/ Program gives user an opportunity to create an account and keep track of his/her ban

References

NVD-CWE-noinfohttps://pivotal.io/security/cve-2018-11039http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttp://www.securityfocus.com/bid/107984https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://nvd.nist.govhttps://github.com/alemati/cybersecuritybase-project
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook