ID

VAR-201804-1673


CVE

CVE-2018-1275


TITLE

Spring Framework Vulnerabilities related to security checks

Trust: 0.8

sources: JVNDB: JVNDB-2018-003100

DESCRIPTION

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. NOTE: This issue is the result of an incomplete fix for the issue described in BID 103696 (Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability). Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat OpenShift Application Runtimes security and bug fix update Advisory ID: RHSA-2018:1320-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2018:1320 Issue date: 2018-05-03 CVE Names: CVE-2018-1271 CVE-2018-1272 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305 ===================================================================== 1. Summary: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. This release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Security Fix(es): * spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275) * spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271) * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305) * spring-framework: Multipart content pollution (CVE-2018-1272) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems 5. References: https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1272 https://access.redhat.com/security/cve/CVE-2018-1275 https://access.redhat.com/security/cve/CVE-2018-1304 https://access.redhat.com/security/cve/CVE-2018-1305 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.spring.boot&version=1.5.12 https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa60G7XlSAg2UNWIIRApKzAKCZF1t3YH8mPwN6Q3TN9nAxp9mZHQCglRth c3tFEafC+xcftRfJKlS6jU4= =NRhi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.25

sources: NVD: CVE-2018-1275 // JVNDB: JVNDB-2018-003100 // BID: 103771 // VULHUB: VHN-122740 // VULMON: CVE-2018-1275 // PACKETSTORM: 149847 // PACKETSTORM: 147489

AFFECTED PRODUCTS

vendor:oraclemodel:tape library acslsscope:eqversion:8.4

Trust: 1.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0

Trust: 1.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0

Trust: 1.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1

Trust: 1.3

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.0

Trust: 1.3

vendor:oraclemodel:retail order brokerscope:eqversion:5.2

Trust: 1.3

vendor:oraclemodel:retail order brokerscope:eqversion:5.1

Trust: 1.3

vendor:oraclemodel:retail order brokerscope:eqversion:16.0

Trust: 1.3

vendor:oraclemodel:retail order brokerscope:eqversion:15.0

Trust: 1.3

vendor:oraclemodel:retail open commerce platformscope:eqversion:6.0.1

Trust: 1.3

vendor:oraclemodel:primavera gatewayscope:eqversion:17.12

Trust: 1.3

vendor:oraclemodel:primavera gatewayscope:eqversion:16.2

Trust: 1.3

vendor:oraclemodel:primavera gatewayscope:eqversion:15.2

Trust: 1.3

vendor:oraclemodel:insurance rules palettescope:eqversion:11.1

Trust: 1.3

vendor:oraclemodel:insurance rules palettescope:eqversion:11.0

Trust: 1.3

vendor:oraclemodel:insurance rules palettescope:eqversion:10.1

Trust: 1.3

vendor:oraclemodel:insurance rules palettescope:eqversion:10.0

Trust: 1.3

vendor:oraclemodel:insurance calculation enginescope:eqversion:10.2.1

Trust: 1.3

vendor:oraclemodel:insurance calculation enginescope:eqversion:10.1.1

Trust: 1.3

vendor:oraclemodel:goldengate for big datascope:eqversion:12.3.2.1

Trust: 1.3

vendor:oraclemodel:goldengate for big datascope:eqversion:12.3.1.1

Trust: 1.3

vendor:oraclemodel:goldengate for big datascope:eqversion:12.2.0.1

Trust: 1.3

vendor:oraclemodel:insurance calculation enginescope:eqversion:10.2

Trust: 1.0

vendor:oraclemodel:big data discoveryscope:eqversion:1.6.0

Trust: 1.0

vendor:oraclemodel:retail open commerce platformscope:eqversion:6.0.0

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.1.0.1

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:gteversion:5.0.0

Trust: 1.0

vendor:oraclemodel:retail open commerce platformscope:eqversion:5.3.0

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:gteversion:4.3.0

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:ltversion:10.2.1

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:ltversion:5.0.5

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:ltversion:8.3

Trust: 1.0

vendor:oraclemodel:service architecture leveraging tuxedoscope:eqversion:12.2.2.0.0

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.2.0.1

Trust: 1.0

vendor:oraclemodel:service architecture leveraging tuxedoscope:eqversion:12.1.3.0.0

Trust: 1.0

vendor:oraclemodel:healthcare master person indexscope:eqversion:3.0

Trust: 1.0

vendor:oraclemodel:retail customer insightsscope:eqversion:15.0

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:ltversion:4.3.16

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:oraclemodel:communications services gatekeeperscope:ltversion:6.1.0.4.0

Trust: 1.0

vendor:oraclemodel:communications converged application serverscope:ltversion:7.0.0.1

Trust: 1.0

vendor:oraclemodel:healthcare master person indexscope:eqversion:4.0

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:12.5.0.3

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:eqversion:3.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2

Trust: 1.0

vendor:oraclemodel:retail customer insightsscope:eqversion:16.0

Trust: 1.0

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.4

Trust: 0.9

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.3

Trust: 0.9

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.2

Trust: 0.9

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.1

Trust: 0.9

vendor:pivotalmodel:spring frameworkscope:ltversion:4.3

Trust: 0.8

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.16

Trust: 0.8

vendor:pivotalmodel:spring frameworkscope:ltversion:5.0

Trust: 0.8

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.5

Trust: 0.8

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.3

Trust: 0.6

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.1

Trust: 0.6

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.4

Trust: 0.6

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.0

Trust: 0.6

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.2

Trust: 0.6

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.0

Trust: 0.6

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.15

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.14

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3

Trust: 0.3

vendor:oraclemodel:soa suitescope:eqversion:12.2.1.3.0

Trust: 0.3

vendor:oraclemodel:soa suitescope:eqversion:12.1.3.0.0

Trust: 0.3

vendor:oraclemodel:retail open commerce platformscope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:retail open commerce platformscope:eqversion:5.3

Trust: 0.3

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2.0

Trust: 0.3

vendor:oraclemodel:goldengate application adaptersscope:eqversion:12.3.2.1.1

Trust: 0.3

vendor:oraclemodel:flexcube investor servicingscope:eqversion:14.0

Trust: 0.3

vendor:oraclemodel:flexcube investor servicingscope:eqversion:12.4

Trust: 0.3

vendor:oraclemodel:flexcube investor servicingscope:eqversion:12.3

Trust: 0.3

vendor:oraclemodel:flexcube investor servicingscope:eqversion:12.1

Trust: 0.3

vendor:oraclemodel:flexcube investor servicingscope:eqversion:12.0.4

Trust: 0.3

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:7.1

Trust: 0.3

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:7.0

Trust: 0.3

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:communications service brokerscope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:communications online mediation controllerscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:communications converged application server service controllerscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:communications converged application server service controllerscope:eqversion:-6.1

Trust: 0.3

vendor:oraclemodel:communications converged application server service controllerscope:eqversion:-6.0

Trust: 0.3

vendor:oraclemodel:big data discoveryscope:eqversion:1.6

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:neversion:5.0.5

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:neversion:4.3.16

Trust: 0.3

vendor:oraclemodel:communications webrtc session controllerscope:neversion:7.2

Trust: 0.3

sources: BID: 103771 // JVNDB: JVNDB-2018-003100 // CNNVD: CNNVD-201804-563 // NVD: CVE-2018-1275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1275
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-1275
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-563
value: CRITICAL

Trust: 0.6

VULHUB: VHN-122740
value: HIGH

Trust: 0.1

VULMON: CVE-2018-1275
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-1275
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-122740
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1275
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-1275
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-122740 // VULMON: CVE-2018-1275 // JVNDB: JVNDB-2018-003100 // CNNVD: CNNVD-201804-563 // NVD: CVE-2018-1275

PROBLEMTYPE DATA

problemtype:CWE-358

Trust: 1.9

problemtype:CWE-94

Trust: 1.0

sources: VULHUB: VHN-122740 // JVNDB: JVNDB-2018-003100 // NVD: CVE-2018-1275

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-563

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201804-563

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003100

PATCH

title:CVE-2018-1275: Address partial fix for CVE-2018-1270url:https://pivotal.io/security/cve-2018-1275

Trust: 0.8

title:Pivotal Spring Framework Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83325

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2019/01/18/new_oracle_bugs/

Trust: 0.2

title:Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182939 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2018-1275url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-1275

Trust: 0.1

title:Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cf592ea3b0a1913a29c923afe44cd4b7

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title:IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dea47d76eee003a50f853f241578c37

Trust: 0.1

title:PPPRASP 0x00 Start 0x01 基本漏洞检测类型 ing 0x02 CVE漏洞检测url:https://github.com/Whoopsunix/PPPRASP

Trust: 0.1

title:https://github.com/bkhablenko/CVE-2017-8046url:https://github.com/bkhablenko/CVE-2017-8046

Trust: 0.1

title:gocarts(go-CERT-alerts-summarizer) Abstract Main features Usage Fetch JPCERT Fetch USCERT Search mode Output Mode License Authorurl:https://github.com/tomoyamachi/gocarts

Trust: 0.1

title:A2:2017 Broken Authentication A5:2017 Broken Access Control A3:2017 Sensitive Data Exposure A6:2017 Security Misconfiguration A9:2017 Using Components with Known Vulnerabilities A10:2017 Insufficient Logging & Monitoringurl:https://github.com/ilmari666/cybsec

Trust: 0.1

title:Awesome CVE PoCurl:https://github.com/lnick2023/nicenice

Trust: 0.1

title:Awesome CVE PoCurl:https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title:Awesome CVE PoCurl:https://github.com/qazbnm456/awesome-cve-poc

Trust: 0.1

sources: VULMON: CVE-2018-1275 // JVNDB: JVNDB-2018-003100 // CNNVD: CNNVD-201804-563

EXTERNAL IDS

db:NVDid:CVE-2018-1275

Trust: 3.1

db:BIDid:103771

Trust: 2.1

db:SECTRACKid:1041301

Trust: 1.8

db:JVNDBid:JVNDB-2018-003100

Trust: 0.8

db:CNNVDid:CNNVD-201804-563

Trust: 0.6

db:VULHUBid:VHN-122740

Trust: 0.1

db:VULMONid:CVE-2018-1275

Trust: 0.1

db:PACKETSTORMid:149847

Trust: 0.1

db:PACKETSTORMid:147489

Trust: 0.1

sources: VULHUB: VHN-122740 // VULMON: CVE-2018-1275 // BID: 103771 // JVNDB: JVNDB-2018-003100 // PACKETSTORM: 149847 // PACKETSTORM: 147489 // CNNVD: CNNVD-201804-563 // NVD: CVE-2018-1275

REFERENCES

url:http://www.securityfocus.com/bid/103771

Trust: 3.1

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 2.7

url:https://pivotal.io/security/cve-2018-1275

Trust: 2.1

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 2.1

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 2.1

url:https://access.redhat.com/errata/rhsa-2018:1320

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2018:2939

Trust: 1.9

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.8

url:http://www.securitytracker.com/id/1041301

Trust: 1.8

url:https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1275

Trust: 1.0

url:http://pivotal.io/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1275

Trust: 0.8

url:https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-1271

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1305

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1271

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1275

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1305

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/whoopsunix/ppprasp

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-12617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1260

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-7489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7489

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1270

Trust: 0.1

url:https://access.redhat.com/articles/3060411

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=catrhoar.spring.boot&version=1.5.12

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1272

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1272

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

sources: VULHUB: VHN-122740 // VULMON: CVE-2018-1275 // BID: 103771 // JVNDB: JVNDB-2018-003100 // PACKETSTORM: 149847 // PACKETSTORM: 147489 // CNNVD: CNNVD-201804-563 // NVD: CVE-2018-1275

CREDITS

and 0c0c0f.,rwx, Christoph Dreis

Trust: 0.6

sources: CNNVD: CNNVD-201804-563

SOURCES

db:VULHUBid:VHN-122740
db:VULMONid:CVE-2018-1275
db:BIDid:103771
db:JVNDBid:JVNDB-2018-003100
db:PACKETSTORMid:149847
db:PACKETSTORMid:147489
db:CNNVDid:CNNVD-201804-563
db:NVDid:CVE-2018-1275

LAST UPDATE DATE

2024-11-23T19:28:23.339000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-122740date:2020-07-15T00:00:00
db:VULMONid:CVE-2018-1275date:2023-11-07T00:00:00
db:BIDid:103771date:2019-07-17T07:00:00
db:JVNDBid:JVNDB-2018-003100date:2018-05-14T00:00:00
db:CNNVDid:CNNVD-201804-563date:2021-10-21T00:00:00
db:NVDid:CVE-2018-1275date:2024-11-21T03:59:31.333

SOURCES RELEASE DATE

db:VULHUBid:VHN-122740date:2018-04-11T00:00:00
db:VULMONid:CVE-2018-1275date:2018-04-11T00:00:00
db:BIDid:103771date:2018-04-13T00:00:00
db:JVNDBid:JVNDB-2018-003100date:2018-05-14T00:00:00
db:PACKETSTORMid:149847date:2018-10-18T03:51:21
db:PACKETSTORMid:147489date:2018-05-04T01:11:44
db:CNNVDid:CNNVD-201804-563date:2018-04-12T00:00:00
db:NVDid:CVE-2018-1275date:2018-04-11T13:29:00.353