Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2018-1199

Published: 16/03/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Vmware

Vulnerability Summary

Spring Security (Spring Security 4.1.x prior to 4.1.5, 4.2.x prior to 4.2.4, and 5.0.x prior to 5.0.1; and Spring Framework 4.3.x prior to 4.3.14 and 5.0.x prior to 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware spring framework

vmware spring security

redhat fuse 1.0

oracle retail xstore point of service 7.1

oracle rapid planning 12.1

oracle rapid planning 12.2

Vendor Advisories

Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update
Synopsis Critical: Red Hat FIS 20 on Fuse 630 R7 security and bug fix update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat Fuse Integration ServicesRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scor ...
Red Hat: CVE-2018-1199
Spring Security (Spring Security 41x before 415, 42x before 424, and 50x before 501; and Spring Framework 43x before 4314 and 50x before 503) does not consider URL path parameters when processing security constraints By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint ...

References

CWE-20https://pivotal.io/security/cve-2018-1199https://access.redhat.com/errata/RHSA-2018:2405https://www.oracle.com/security-alerts/cpujul2020.htmlhttps://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2018:2405https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook