6.5

CVE-2018-1257

EPSS 1.79%
Published 11.05.2018 20:29:00
Last modified 21.11.2024 03:59:28
Source security_alert@emc.com
Teams watchlist Login
Open Login

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

Affected products Warnungen 0 Metrics 3 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Spring Framework Version < 4.3.17

VMware ≫ Spring Framework Version >= 5.0.0 < 5.0.6

Redhat ≫ Openshift Version-

Oracle ≫ Agile Product Lifecycle Management Version9.3.3

Oracle ≫ Agile Product Lifecycle Management Version9.3.4

Oracle ≫ Agile Product Lifecycle Management Version9.3.5

Oracle ≫ Agile Product Lifecycle Management Version9.3.6

Oracle ≫ Application Testing Suite Version12.5.0.3

Oracle ≫ Application Testing Suite Version13.1.0.1

Oracle ≫ Application Testing Suite Version13.2.0.1

Oracle ≫ Application Testing Suite Version13.3.0.1

Oracle ≫ Big Data Discovery Version1.6.0

Oracle ≫ Communications Converged Application Server Version < 7.0.0.1

Oracle ≫ Communications Diameter Signaling Router Version < 8.3

Oracle ≫ Communications Performance Intelligence Center Version < 10.2.1

Oracle ≫ Communications Services Gatekeeper Version < 6.1.0.4.0

Oracle ≫ Communications Unified Inventory Management Version7.3.2

Oracle ≫ Communications Unified Inventory Management Version7.3.4

Oracle ≫ Communications Unified Inventory Management Version7.3.5

Oracle ≫ Communications Unified Inventory Management Version7.4.0

Oracle ≫ Endeca Information Discovery Integrator Version3.1.0

Oracle ≫ Endeca Information Discovery Integrator Version3.2.0

Oracle ≫ Enterprise Manager Base Platform Version12.1.0.5.0

Oracle ≫ Enterprise Manager Base Platform Version13.2.0.0.0

Oracle ≫ Enterprise Manager Base Platform Version13.3.0.0.0

Oracle ≫ Enterprise Manager For Mysql Database Version13.2

Oracle ≫ Enterprise Manager Ops Center Version12.3.3

Oracle ≫ Flexcube Private Banking Version2.0.0.0

Oracle ≫ Flexcube Private Banking Version2.2.0.1

Oracle ≫ Flexcube Private Banking Version12.0.1.0

Oracle ≫ Flexcube Private Banking Version12.0.3.0

Oracle ≫ Flexcube Private Banking Version12.1.0.0

Oracle ≫ Goldengate For Big Data Version12.2.0.1

Oracle ≫ Goldengate For Big Data Version12.3.1.1

Oracle ≫ Goldengate For Big Data Version12.3.2.1

Oracle ≫ Health Sciences Information Manager Version3.0

Oracle ≫ Healthcare Master Person Index Version3.0

Oracle ≫ Healthcare Master Person Index Version4.0

Oracle ≫ Hospitality Guest Access Version4.2.0

Oracle ≫ Hospitality Guest Access Version4.2.1

Oracle ≫ Insurance Calculation Engine Version10.1.1

Oracle ≫ Insurance Calculation Engine Version10.2

Oracle ≫ Insurance Calculation Engine Version10.2.1

Oracle ≫ Insurance Rules Palette Version10.0

Oracle ≫ Insurance Rules Palette Version10.1

Oracle ≫ Insurance Rules Palette Version10.2

Oracle ≫ Insurance Rules Palette Version11.0

Oracle ≫ Insurance Rules Palette Version11.1

Oracle ≫ Primavera Gateway Version15.2

Oracle ≫ Primavera Gateway Version16.2

Oracle ≫ Primavera Gateway Version17.12

Oracle ≫ Retail Customer Insights Version15.0

Oracle ≫ Retail Customer Insights Version16.0

Oracle ≫ Retail Open Commerce Platform Version5.3.0

Oracle ≫ Retail Open Commerce Platform Version6.0.0

Oracle ≫ Retail Open Commerce Platform Version6.0.1

Oracle ≫ Retail Order Broker Version5.1

Oracle ≫ Retail Order Broker Version5.2

Oracle ≫ Retail Order Broker Version15.0

Oracle ≫ Retail Order Broker Version16.0

Oracle ≫ Retail Predictive Application Server Version14.0

Oracle ≫ Retail Predictive Application Server Version14.1

Oracle ≫ Retail Predictive Application Server Version15.0

Oracle ≫ Retail Predictive Application Server Version16.0

Oracle ≫ Service Architecture Leveraging Tuxedo Version12.1.3.0.0

Oracle ≫ Service Architecture Leveraging Tuxedo Version12.2.2.0.0

Oracle ≫ Tape Library Acsls Version8.4

Oracle ≫ Utilities Network Management System Version1.12.0.3

Oracle ≫ Weblogic Server Version10.3.6.0.0

Oracle ≫ Weblogic Server Version12.1.3.0.0

Oracle ≫ Weblogic Server Version12.2.1.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.79%	0.82

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Patch

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3768

Third Party Advisory

http://www.securityfocus.com/bid/104260

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2018:1809

Third Party Advisory

https://pivotal.io/security/cve-2018-1257

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-1257

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1257

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1257

EUVD