
CVE-2018-1257

Published: 11/05/2018 Updated: 23/06/2022
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

Spring Framework versions 5.0.x before 5.0.6, versions 4.3.x before 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that leads to a regular expression denial of service (ReDoS) attack.

Vulnerable Products

vmware spring framework

redhat openshift

oracle flexcube private banking 2.2.0.1

oracle weblogic server 12.1.3.0.0

oracle primavera gateway 16.2

oracle primavera gateway 15.2

oracle application testing suite 12.5.0.3

oracle hospitality guest access 4.2.0

oracle hospitality guest access 4.2.1

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.2.1.3.0

oracle enterprise manager ops center 12.3.3

oracle communications diameter signaling router

oracle communications performance intelligence center

oracle communications services gatekeeper

oracle insurance rules palette 10.0

oracle insurance rules palette 10.2

oracle health sciences information manager 3.0

oracle healthcare master person index 3.0

oracle application testing suite 13.1.0.1

oracle application testing suite 13.3.0.1

oracle endeca information discovery integrator 3.2.0

oracle healthcare master person index 4.0

oracle retail open commerce platform 6.0.1

oracle application testing suite 13.2.0.1

oracle endeca information discovery integrator 3.1.0

oracle retail customer insights 15.0

oracle retail customer insights 16.0

oracle insurance calculation engine 10.2

oracle enterprise manager base platform 12.1.0.5.0

oracle enterprise manager base platform 13.2.0.0.0

oracle enterprise manager base platform 13.3.0.0.0

oracle communications converged application server

oracle insurance calculation engine 10.2.1

oracle insurance rules palette 10.1

oracle retail order broker 15.0

oracle retail order broker 16.0

oracle retail predictive application server 14.0

oracle retail predictive application server 14.1

oracle utilities network management system 1.12.0.3

oracle agile product lifecycle management 9.3.3

oracle agile product lifecycle management 9.3.4

oracle agile product lifecycle management 9.3.5

oracle agile product lifecycle management 9.3.6

oracle goldengate for big data 12.3.1.1

oracle goldengate for big data 12.3.2.1

oracle primavera gateway 17.12

oracle retail open commerce platform 5.3.0

oracle goldengate for big data 12.2.0.1

oracle insurance rules palette 11.0

oracle retail order broker 5.2

oracle retail predictive application server 15.0

oracle service architecture leveraging tuxedo 12.1.3.0.0

oracle tape library acsls 8.4

oracle big data discovery 1.6.0

oracle enterprise manager for mysql database 13.2

oracle insurance calculation engine 10.1.1

oracle insurance rules palette 11.1

oracle retail open commerce platform 6.0.0

oracle retail order broker 5.1

oracle retail predictive application server 16.0

oracle service architecture leveraging tuxedo 12.2.2.0.0

oracle flexcube private banking 2.0.0.0

oracle flexcube private banking 12.0.1.0

oracle flexcube private banking 12.0.3.0

oracle flexcube private banking 12.1.0.0

oracle communications unified inventory management 7.3.2

oracle communications unified inventory management 7.3.5

oracle communications unified inventory management 7.3.4

oracle communications unified inventory management 7.4.0

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis: Important: Red Hat Fuse 7.2 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression ...