CVE-2018-1270

Published: 06/04/2018 Updated: 23/04/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 672
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Spring Framework, versions 5.0 before 5.0.5 and versions 4.3 before 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vulnerable Product

pivotal software spring framework

oracle retail integration bus 14.0.2

oracle retail integration bus 14.0.3

oracle retail integration bus 14.0.4

oracle retail integration bus 16.0

oracle retail central office 14.1

oracle retail back office 14.0

oracle retail back office 14.1

oracle enterprise manager ops center 12.2.2

oracle communications diameter signaling router

oracle communications performance intelligence center

oracle retail integration bus 16.0.2

oracle retail integration bus 15.0.0.1

oracle primavera gateway 15.2

oracle application testing suite 12.5.0.3

oracle enterprise manager ops center 12.3.3

oracle retail open commerce platform 6.0.1

oracle application testing suite 13.1.0.1

oracle application testing suite 13.3.0.1

oracle insurance rules palette 10.0

oracle insurance rules palette 10.2

oracle communications services gatekeeper

oracle healthcare master person index 3.0

oracle retail customer insights 15.0

oracle retail customer insights 16.0

oracle tape library acsls 8.4

oracle service architecture leveraging tuxedo 12.1.3.0.0

oracle retail predictive application server 14.1

oracle retail open commerce platform 5.3.0

oracle insurance rules palette 11.1

oracle retail integration bus 15.0.2

oracle retail integration bus 14.1.1

oracle retail integration bus 14.1.2

oracle retail integration bus 14.1.3

oracle retail returns management 14.0

oracle retail point-of-sale 14.0

oracle retail central office 14.0

oracle primavera gateway 16.2

oracle application testing suite 13.2.0.1

oracle health sciences information manager 3.0

oracle healthcare master person index 4.0

oracle insurance calculation engine 10.2

oracle communications converged application server

oracle service architecture leveraging tuxedo 12.2.2.0.0

oracle retail predictive application server 14.0

oracle retail predictive application server 15.0

oracle retail predictive application server 16.0

oracle retail order broker 5.1

oracle retail order broker 5.2

oracle retail order broker 15.0

oracle retail order broker 16.0

oracle retail open commerce platform 6.0.0

oracle insurance calculation engine 10.2.1

oracle insurance calculation engine 10.1.1

oracle insurance rules palette 10.1

oracle insurance rules palette 11.0

oracle primavera gateway 17.12

oracle big data discovery 1.6.0

oracle goldengate for big data 12.2.0.1

oracle goldengate for big data 12.3.1.1

oracle goldengate for big data 12.3.2.1

oracle retail integration bus 14.0.1

oracle retail integration bus 16.0.1

oracle retail integration bus 15.0.1

oracle retail returns management 14.1

oracle retail point-of-sale 14.1

Vendor Advisories

Debian Bug report logs - #895114 libspring-java: CVE-2018-1270 CVE-2018-1272 Package: src:libspring-java; Maintainer for src:libspring-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 7 Apr 2018 07:51:01 UTC Severity: gra ...
Synopsis Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scor ...
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code executio ...
Summary Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code ...
Oracle Critical Patch Update Advisory - July 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
Oracle Critical Patch Update Advisory - January 2019 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Critical Patch Update Advisory - October 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
There are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes ...
IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to multiple security vulnerabilities. There are multiple vulnerabilities fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, xss attacks and click jacking attacks ...

Mailing Lists

Pivotal Spring Java Framework versions 5.0.x and below suffer from a remote code execution vulnerability ...

Github Repositories

Docker for vulnerability environment with web ui

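Docker integrated vulnerability range environment (web version), based on docker-compose-ui + vulhub. Original sources: github.com/francescou/docker-compose-ui github.com/vulhub/vulhub Notes on updating the range environment files: 1. Create a file named after the vulnerability, e.g. "Apache parsing vulnerability" 2. Write the Dockerfile for the vulnerability environment 3. Write the container configuration file docker-compose.yml that the vulnerability environment needs 4. Write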

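CVE-2018-1270 expression RCE environment

CVE-2018-1270 CVE-2018-1270 expression RCE environment

CVE-2018-1270 - Spring messaging SpEL code execution vulnerability. Yesterday Spring disclosed an RCE vulnerability; here is a look at it: CVE-2018-1270: Remote Code Execution with spring-messaging. Affected versions: Spring Framework 5.0 to 5.0.4, Spring Framework 4.3 to 4.3.14. This vulnerability has no special environment requirements; if you are using spring-messaging + websocket + STOMP, upgrade to the latest version as soon as possible; if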

DISCLAIMER: This repository is supplementary to the VGS blog post, How to Avoid "Using Components with Known Vulnerabilities". It contains an application with a known security vulnerability (namely, CVE-2017-8046), as well as the description of how to exploit it. Use the application at your own risk! Setting Up First, start the application by executing the following c

Personal Blog / mainly records research related to vulnerability discovery (articles are in the issues)

articles Personal blog. My day job is malware analysis and my time is limited; this records the research I do as a hobby. Found Bugs Open Source heap-based out-of-bounds read when parsing otf file with undefined FontName in svg option (afdko) heap-based out-of-bounds read when parsing otf file with undefined glyph name in svg option (afdko) exiv2 parse url crash (exiv2) pdf2jp2 use NULL pointer

checking alerts of X-CERT

gocarts (go-CERT-alerts-summarizer) gocarts checks alerts of X-CERT (e.g. JPCERT, US-CERT). This project refers to knqyf263/gost. Abstract gocarts is written in Go, and therefore you can just grab the binary releases and drop it in your $PATH. gocarts summarizes alerts by CVE ID. You can search alert's detail by CVE ID. Main features gocarts has the following features S

https://51pwn.com,Awesome Penetration Testing,hacker tools collection, metasploit exploit, meterpreter....struts2、weblogic, 0day,poc,apt,backdoor,VulApps,vuln,pentest-script

Twitter: @Hktalent3135773 penetration tools dependencies Command Description kali linux recommend system node js program runtime javac, java auto generate payload metasploit auto generate payload, and autoexploit gcc auto generate payload tmux auto background send payload, shell Bash base64, tr, nc, auto generate payload python auto genera

Cyber Security MOOC Unsecure project

LINK: github.com/ilmari666/cybsec Based on the Springboot-template as per course material that can be installed and run with suitably configured Netbeans and Maven. Five flaws as per www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf This document can be read at github.com/ilmari666/cybsec/blob/master/README.md FLAW 1: A2:2017 Broken Authentica

hacking tools awesome lists

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx OCaml Objective-C Objective-C++ Others PHP PLSQL P

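Information gathering, host information gathering, sensitive directory and file gathering, directory brute-forcing, wordlists, BurpSuite, search engine syntax, Google Hack, DuckDuckgo (can search sites such as Weibo and Renren that block mainstream search engines), Bing, JS files leaking admin panel or API information, quick search of third-party resources, findjs, robots.txt, accessible directories (autoindex), IIS short filenames, IIS-ShortName-Scanner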

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASL (1) ASPNET (1) ActionScript (1) Arduino (2) Assembly (7) AutoHotkey (2) Batchfile (16) BitBake (5) Boo (1) C (286) C# (212) C++ (225) CMake (2) CSS (66) Classic ASP (2) Clojure (1) CoffeeScript (1) ColdFusion (1) Dart (1) Dockerfile (37) Emacs Lisp (1) Erlang (1) F# (2) Go (531) HCL (4)

A collection of the various good tools I come across

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP ActionScript Arduino Assembly AutoHotkey Batchfile BitBake Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang F# Game Maker Language Go HCL HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Nim OCaml Objective-C Objecti

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr