CVE-2018-1271

Published: 06/04/2018 Updated: 23/06/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Spring Framework, versions 5.0 before 5.0.5 and versions 4.3 before 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Vulnerable Products

vmware spring framework
oracle retail xstore point of service 7.1
oracle enterprise manager ops center 12.2.2
oracle primavera gateway 16.2
oracle primavera gateway 15.2
oracle application testing suite 12.5.0.3
oracle retail back office 14.1
oracle retail back office 14.0
oracle enterprise manager ops center 12.3.3
oracle retail open commerce platform 6.0.1
oracle application testing suite 13.1.0.1
oracle application testing suite 13.2.0.1
oracle application testing suite 13.3.0.1
oracle communications diameter signaling router
oracle communications performance intelligence center
oracle communications services gatekeeper
oracle health sciences information manager 3.0
oracle healthcare master person index 3.0
oracle healthcare master person index 4.0
oracle insurance calculation engine 10.2
oracle insurance rules palette 10.0
oracle insurance rules palette 10.2
oracle retail customer insights 15.0
oracle retail customer insights 16.0
oracle tape library acsls 8.4
oracle communications converged application server
oracle service architecture leveraging tuxedo 12.1.3.0.0
oracle service architecture leveraging tuxedo 12.2.2.0.0
oracle big data discovery 1.6.0
oracle goldengate for big data 12.2.0.1
oracle goldengate for big data 12.3.1.1
oracle goldengate for big data 12.3.2.1
oracle insurance calculation engine 10.1.1
oracle insurance calculation engine 10.2.1
oracle insurance rules palette 10.1
oracle insurance rules palette 11.0
oracle insurance rules palette 11.1
oracle primavera gateway 17.12
oracle retail integration bus 14.0.1
oracle retail integration bus 14.0.2
oracle retail integration bus 14.0.3
oracle retail integration bus 14.0.4
oracle retail integration bus 14.1.1
oracle retail integration bus 14.1.2
oracle retail integration bus 14.1.3
oracle retail integration bus 15.0.0.1
oracle retail integration bus 15.0.1
oracle retail integration bus 15.0.2
oracle retail integration bus 16.0
oracle retail integration bus 16.0.1
oracle retail integration bus 16.0.2
oracle retail open commerce platform 5.3.0
oracle retail open commerce platform 6.0.0
oracle retail order broker 5.1
oracle retail order broker 5.2
oracle retail order broker 15.0
oracle retail order broker 16.0
oracle retail predictive application server 14.0
oracle retail predictive application server 14.1
oracle retail predictive application server 15.0
oracle retail predictive application server 16.0
oracle retail point-of-sale 14.0
oracle retail returns management 14.0
oracle retail returns management 14.1
oracle communications policy management 12.5.0
oracle insurance calculation engine
oracle rapid planning 12.1
oracle rapid planning 12.2
oracle retail central office 14.0
oracle retail central office 14.1
oracle retail point-of-sale 14.1

Vendor Advisories

Synopsis: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update. Type/Severity: Security Advisory: Critical. Topic: An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scor ...
Synopsis: Important: Fuse 7.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed s ...

GitHub Repositories

Path-transversal-payloads: These repos are for the Path transversal attack payloads. README sections: Summary, Tools, Basic exploitation, 16 bits Unicode encoding, UTF-8 Unicode encoding, Bypass "/" replaced by "", Bypass "/" with ";", Double URL encoding, UNC Bypass, NGINX/ALB Bypass, Path Traversal, Interesting Linux files, Interesting Windows files, Refere ...