Spring Framework, versions 5.0.x before 5.0.6, versions 4.3.x before 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.

Vulnerable Product |
---|
vmware spring framework |
redhat openshift - |
oracle flexcube private banking 2.2.0.1 |
oracle weblogic server 12.1.3.0.0 |
oracle primavera gateway 16.2 |
oracle primavera gateway 15.2 |
oracle application testing suite 12.5.0.3 |
oracle hospitality guest access 4.2.0 |
oracle hospitality guest access 4.2.1 |
oracle weblogic server 10.3.6.0.0 |
oracle weblogic server 12.2.1.3.0 |
oracle enterprise manager ops center 12.3.3 |
oracle communications diameter signaling router |
oracle communications performance intelligence center |
oracle communications services gatekeeper |
oracle insurance rules palette 10.0 |
oracle insurance rules palette 10.2 |
oracle health sciences information manager 3.0 |
oracle healthcare master person index 3.0 |
oracle application testing suite 13.1.0.1 |
oracle application testing suite 13.3.0.1 |
oracle endeca information discovery integrator 3.2.0 |
oracle healthcare master person index 4.0 |
oracle retail open commerce platform 6.0.1 |
oracle application testing suite 13.2.0.1 |
oracle endeca information discovery integrator 3.1.0 |
oracle retail customer insights 15.0 |
oracle retail customer insights 16.0 |
oracle insurance calculation engine 10.2 |
oracle enterprise manager base platform 12.1.0.5.0 |
oracle enterprise manager base platform 13.2.0.0.0 |
oracle enterprise manager base platform 13.3.0.0.0 |
oracle communications converged application server |
oracle insurance calculation engine 10.2.1 |
oracle insurance rules palette 10.1 |
oracle retail order broker 15.0 |
oracle retail order broker 16.0 |
oracle retail predictive application server 14.0 |
oracle retail predictive application server 14.1 |
oracle utilities network management system 1.12.0.3 |
oracle agile product lifecycle management 9.3.3 |
oracle agile product lifecycle management 9.3.4 |
oracle agile product lifecycle management 9.3.5 |
oracle agile product lifecycle management 9.3.6 |
oracle goldengate for big data 12.3.1.1 |
oracle goldengate for big data 12.3.2.1 |
oracle primavera gateway 17.12 |
oracle retail open commerce platform 5.3.0 |
oracle goldengate for big data 12.2.0.1 |
oracle insurance rules palette 11.0 |
oracle retail order broker 5.2 |
oracle retail predictive application server 15.0 |
oracle service architecture leveraging tuxedo 12.1.3.0.0 |
oracle tape library acsls 8.4 |
oracle big data discovery 1.6.0 |
oracle enterprise manager for mysql database 13.2 |
oracle insurance calculation engine 10.1.1 |
oracle insurance rules palette 11.1 |
oracle retail open commerce platform 6.0.0 |
oracle retail order broker 5.1 |
oracle retail predictive application server 16.0 |
oracle service architecture leveraging tuxedo 12.2.2.0.0 |
oracle flexcube private banking 2.0.0.0 |
oracle flexcube private banking 12.0.1.0 |
oracle flexcube private banking 12.0.3.0 |
oracle flexcube private banking 12.1.0.0 |
oracle communications unified inventory management 7.3.2 |
oracle communications unified inventory management 7.3.5 |
oracle communications unified inventory management 7.3.4 |
oracle communications unified inventory management 7.4.0 |