ID

VAR-201804-1673


CVE

CVE-2018-1275


TITLE

Spring Framework Vulnerabilities related to security checks

Trust: 0.8

sources: JVNDB: JVNDB-2018-003100

DESCRIPTION

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Spring Framework contains a security check vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. NOTE: This issue is the result of an incomplete fix for the issue described in BID 103696 (Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability).

Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications.

Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Red Hat Security Advisory

Synopsis: Critical: Red Hat OpenShift Application Runtimes security and bug fix update
Advisory ID: RHSA-2018:1320-01
Product: Red Hat OpenShift Application Runtimes
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1320
Issue date: 2018-05-03
CVE Names: CVE-2018-1271 CVE-2018-1272 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305

1. Summary:

An update is now available for Red Hat OpenShift Application Runtimes.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.

Security Fix(es):

* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
* spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
* spring-framework: Multipart content pollution (CVE-2018-1272)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
1564408 - CVE-2018-1272 spring-framework: Multipart content pollution
1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270
1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems

5. References:

https://access.redhat.com/security/cve/CVE-2018-1271
https://access.redhat.com/security/cve/CVE-2018-1272
https://access.redhat.com/security/cve/CVE-2018-1275
https://access.redhat.com/security/cve/CVE-2018-1304
https://access.redhat.com/security/cve/CVE-2018-1305
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.spring.boot&version=1.5.12
https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

Trust: 2.25

sources: NVD: CVE-2018-1275 // JVNDB: JVNDB-2018-003100 // BID: 103771 // VULHUB: VHN-122740 // VULMON: CVE-2018-1275 // PACKETSTORM: 149847 // PACKETSTORM: 147489

AFFECTED PRODUCTS

vendor: oracle // model: tape library acsls // scope: eq // version: 8.4

Trust: 1.3

vendor: oracle // model: retail predictive application server // scope: eq // version: 16.0

Trust: 1.3

vendor: oracle // model: retail predictive application server // scope: eq // version: 15.0

Trust: 1.3

vendor: oracle // model: retail predictive application server // scope: eq // version: 14.1

Trust: 1.3

vendor: oracle // model: retail predictive application server // scope: eq // version: 14.0

Trust: 1.3

vendor: oracle // model: retail order broker // scope: eq // version: 5.2

Trust: 1.3

vendor: oracle // model: retail order broker // scope: eq // version: 5.1

Trust: 1.3

vendor: oracle // model: retail order broker // scope: eq // version: 16.0

Trust: 1.3

vendor: oracle // model: retail order broker // scope: eq // version: 15.0

Trust: 1.3

vendor: oracle // model: retail open commerce platform // scope: eq // version: 6.0.1

Trust: 1.3

vendor: oracle // model: primavera gateway // scope: eq // version: 17.12

Trust: 1.3

vendor: oracle // model: primavera gateway // scope: eq // version: 16.2

Trust: 1.3

vendor: oracle // model: primavera gateway // scope: eq // version: 15.2

Trust: 1.3

vendor: oracle // model: insurance rules palette // scope: eq // version: 11.1

Trust: 1.3

vendor: oracle // model: insurance rules palette // scope: eq // version: 11.0

Trust: 1.3

vendor: oracle // model: insurance rules palette // scope: eq // version: 10.1

Trust: 1.3

vendor: oracle // model: insurance rules palette // scope: eq // version: 10.0

Trust: 1.3

vendor: oracle // model: insurance calculation engine // scope: eq // version: 10.2.1

Trust: 1.3

vendor: oracle // model: insurance calculation engine // scope: eq // version: 10.1.1

Trust: 1.3

vendor: oracle // model: goldengate for big data // scope: eq // version: 12.3.2.1

Trust: 1.3

vendor: oracle // model: goldengate for big data // scope: eq // version: 12.3.1.1

Trust: 1.3

vendor: oracle // model: goldengate for big data // scope: eq // version: 12.2.0.1

Trust: 1.3

vendor: vmware // model: spring framework // scope: lt // version: 4.3.16

Trust: 1.0

vendor: oracle // model: service architecture leveraging tuxedo // scope: eq // version: 12.1.3.0.0

Trust: 1.0

vendor: vmware // model: spring framework // scope: lt // version: 5.0.5

Trust: 1.0

vendor: oracle // model: service architecture leveraging tuxedo // scope: eq // version: 12.2.2.0.0

Trust: 1.0

vendor: vmware // model: spring framework // scope: gte // version: 5.0.0

Trust: 1.0

vendor: oracle // model: communications diameter signaling router // scope: lt // version: 8.3

Trust: 1.0

vendor: oracle // model: health sciences information manager // scope: eq // version: 3.0

Trust: 1.0

vendor: oracle // model: application testing suite // scope: eq // version: 12.5.0.3

Trust: 1.0

vendor: oracle // model: communications converged application server // scope: lt // version: 7.0.0.1

Trust: 1.0

vendor: oracle // model: application testing suite // scope: eq // version: 13.2.0.1

Trust: 1.0

vendor: oracle // model: insurance calculation engine // scope: eq // version: 10.2

Trust: 1.0

vendor: oracle // model: retail customer insights // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: insurance rules palette // scope: eq // version: 10.2

Trust: 1.0

vendor: oracle // model: application testing suite // scope: eq // version: 13.1.0.1

Trust: 1.0

vendor: oracle // model: retail open commerce platform // scope: eq // version: 6.0.0

Trust: 1.0

vendor: oracle // model: big data discovery // scope: eq // version: 1.6.0

Trust: 1.0

vendor: vmware // model: spring framework // scope: gte // version: 4.3.0

Trust: 1.0

vendor: oracle // model: retail customer insights // scope: eq // version: 16.0

Trust: 1.0

vendor: oracle // model: healthcare master person index // scope: eq // version: 3.0

Trust: 1.0

vendor: oracle // model: communications performance intelligence center // scope: lt // version: 10.2.1

Trust: 1.0

vendor: oracle // model: retail open commerce platform // scope: eq // version: 5.3.0

Trust: 1.0

vendor: oracle // model: communications services gatekeeper // scope: lt // version: 6.1.0.4.0

Trust: 1.0

vendor: oracle // model: healthcare master person index // scope: eq // version: 4.0

Trust: 1.0

vendor: oracle // model: application testing suite // scope: eq // version: 13.3.0.1

Trust: 1.0

vendor: pivotal // model: spring framework // scope: eq // version: 5.0.4

Trust: 0.9

vendor: pivotal // model: spring framework // scope: eq // version: 5.0.3

Trust: 0.9

vendor: pivotal // model: spring framework // scope: eq // version: 5.0.2

Trust: 0.9

vendor: pivotal // model: spring framework // scope: eq // version: 5.0.1

Trust: 0.9

vendor: pivotal // model: spring framework // scope: lt // version: 4.3

Trust: 0.8

vendor: pivotal // model: spring framework // scope: eq // version: 4.3.16

Trust: 0.8

vendor: pivotal // model: spring framework // scope: lt // version: 5.0

Trust: 0.8

vendor: pivotal // model: spring framework // scope: eq // version: 5.0.5

Trust: 0.8

vendor: pivotal // model: spring framework // scope: eq // version: 4.3.3

Trust: 0.6

vendor: pivotal // model: spring framework // scope: eq // version: 4.3.1

Trust: 0.6

vendor: pivotal // model: spring framework // scope: eq // version: 4.3.4

Trust: 0.6

vendor: pivotal // model: spring framework // scope: eq // version: 4.3.0

Trust: 0.6

vendor: pivotal // model: spring framework // scope: eq // version: 4.3.2

Trust: 0.6

vendor: pivotal // model: spring framework // scope: eq // version: 5.0.0

Trust: 0.6

vendor: pivotal // model: spring framework // scope: eq // version: 5.0

Trust: 0.3

vendor: pivotal // model: spring framework // scope: eq // version: 4.3.15

Trust: 0.3

vendor: pivotal // model: spring framework // scope: eq // version: 4.3.14

Trust: 0.3

vendor: pivotal // model: spring framework // scope: eq // version: 4.3

Trust: 0.3

vendor: oracle // model: soa suite // scope: eq // version: 12.2.1.3.0

Trust: 0.3

vendor: oracle // model: soa suite // scope: eq // version: 12.1.3.0.0

Trust: 0.3

vendor: oracle // model: retail open commerce platform // scope: eq // version: 6.0

Trust: 0.3

vendor: oracle // model: retail open commerce platform // scope: eq // version: 5.3

Trust: 0.3

vendor: oracle // model: insurance rules palette // scope: eq // version: 10.2.0

Trust: 0.3

vendor: oracle // model: goldengate application adapters // scope: eq // version: 12.3.2.1.1

Trust: 0.3

vendor: oracle // model: flexcube investor servicing // scope: eq // version: 14.0

Trust: 0.3

vendor: oracle // model: flexcube investor servicing // scope: eq // version: 12.4

Trust: 0.3

vendor: oracle // model: flexcube investor servicing // scope: eq // version: 12.3

Trust: 0.3

vendor: oracle // model: flexcube investor servicing // scope: eq // version: 12.1

Trust: 0.3

vendor: oracle // model: flexcube investor servicing // scope: eq // version: 12.0.4

Trust: 0.3

vendor: oracle // model: communications webrtc session controller // scope: eq // version: 7.1

Trust: 0.3

vendor: oracle // model: communications webrtc session controller // scope: eq // version: 7.0

Trust: 0.3

vendor: oracle // model: communications webrtc session controller // scope: eq // version: 0

Trust: 0.3

vendor: oracle // model: communications service broker // scope: eq // version: 6.0

Trust: 0.3

vendor: oracle // model: communications online mediation controller // scope: eq // version: 6.1

Trust: 0.3

vendor: oracle // model: communications converged application server service controller // scope: eq // version: 6.1

Trust: 0.3

vendor: oracle // model: communications converged application server service controller // scope: eq // version: -6.1

Trust: 0.3

vendor: oracle // model: communications converged application server service controller // scope: eq // version: -6.0

Trust: 0.3

vendor: oracle // model: big data discovery // scope: eq // version: 1.6

Trust: 0.3

vendor: pivotal // model: spring framework // scope: ne // version: 5.0.5

Trust: 0.3

vendor: pivotal // model: spring framework // scope: ne // version: 4.3.16

Trust: 0.3

vendor: oracle // model: communications webrtc session controller // scope: ne // version: 7.2

Trust: 0.3

sources: BID: 103771 // JVNDB: JVNDB-2018-003100 // CNNVD: CNNVD-201804-563 // NVD: CVE-2018-1275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1275
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-1275
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-563
value: CRITICAL

Trust: 0.6

VULHUB: VHN-122740
value: HIGH

Trust: 0.1

VULMON: CVE-2018-1275
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-1275
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-122740
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1275
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-1275
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-122740 // VULMON: CVE-2018-1275 // JVNDB: JVNDB-2018-003100 // CNNVD: CNNVD-201804-563 // NVD: CVE-2018-1275

PROBLEMTYPE DATA

problemtype:CWE-358

Trust: 1.9

problemtype:CWE-94

Trust: 1.0

sources: VULHUB: VHN-122740 // JVNDB: JVNDB-2018-003100 // NVD: CVE-2018-1275

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-563

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201804-563

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003100

PATCH

title: CVE-2018-1275: Address partial fix for CVE-2018-1270 // url: https://pivotal.io/security/cve-2018-1275

Trust: 0.8

title: Pivotal Spring Framework Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83325

Trust: 0.6

title: The Register // url: https://www.theregister.co.uk/2019/01/18/new_oracle_bugs/

Trust: 0.2

title: Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182939 - Security Advisory

Trust: 0.1

title: Red Hat: CVE-2018-1275 // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-1275

Trust: 0.1

title: Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272 // url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cf592ea3b0a1913a29c923afe44cd4b7

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - July 2018 // url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - January 2019 // url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - October 2018 // url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title: IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dea47d76eee003a50f853f241578c37

Trust: 0.1

title: PPPRASP 0x00 Start 0x01 Basic vulnerability detection types ing 0x02 CVE vulnerability detection // url: https://github.com/Whoopsunix/PPPRASP

Trust: 0.1

title: https://github.com/bkhablenko/CVE-2017-8046 // url: https://github.com/bkhablenko/CVE-2017-8046

Trust: 0.1

title: gocarts(go-CERT-alerts-summarizer) Abstract Main features Usage Fetch JPCERT Fetch USCERT Search mode Output Mode License Author // url: https://github.com/tomoyamachi/gocarts

Trust: 0.1

title: A2:2017 Broken Authentication A5:2017 Broken Access Control A3:2017 Sensitive Data Exposure A6:2017 Security Misconfiguration A9:2017 Using Components with Known Vulnerabilities A10:2017 Insufficient Logging & Monitoring // url: https://github.com/ilmari666/cybsec

Trust: 0.1

title: Awesome CVE PoC // url: https://github.com/lnick2023/nicenice

Trust: 0.1

title: Awesome CVE PoC // url: https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title: Awesome CVE PoC // url: https://github.com/qazbnm456/awesome-cve-poc

Trust: 0.1

sources: VULMON: CVE-2018-1275 // JVNDB: JVNDB-2018-003100 // CNNVD: CNNVD-201804-563

EXTERNAL IDS

db: NVD // id: CVE-2018-1275

Trust: 3.1

db: BID // id: 103771

Trust: 2.1

db: SECTRACK // id: 1041301

Trust: 1.8

db: JVNDB // id: JVNDB-2018-003100

Trust: 0.8

db: CNNVD // id: CNNVD-201804-563

Trust: 0.6

db: VULHUB // id: VHN-122740

Trust: 0.1

db: VULMON // id: CVE-2018-1275

Trust: 0.1

db: PACKETSTORM // id: 149847

Trust: 0.1

db: PACKETSTORM // id: 147489

Trust: 0.1

sources: VULHUB: VHN-122740 // VULMON: CVE-2018-1275 // BID: 103771 // JVNDB: JVNDB-2018-003100 // PACKETSTORM: 149847 // PACKETSTORM: 147489 // CNNVD: CNNVD-201804-563 // NVD: CVE-2018-1275

REFERENCES

url:http://www.securityfocus.com/bid/103771

Trust: 3.1

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 2.7

url:https://pivotal.io/security/cve-2018-1275

Trust: 2.1

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 2.1

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 2.1

url:https://access.redhat.com/errata/rhsa-2018:1320

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2018:2939

Trust: 1.9

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.8

url:http://www.securitytracker.com/id/1041301

Trust: 1.8

url:https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1275

Trust: 1.0

url:http://pivotal.io/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1275

Trust: 0.8

url:https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-1271

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1305

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1271

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1275

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1305

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/whoopsunix/ppprasp

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-12617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1260

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-7489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7489

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1270

Trust: 0.1

url:https://access.redhat.com/articles/3060411

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=catrhoar.spring.boot&version=1.5.12

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1272

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1272

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

sources: VULHUB: VHN-122740 // VULMON: CVE-2018-1275 // BID: 103771 // JVNDB: JVNDB-2018-003100 // PACKETSTORM: 149847 // PACKETSTORM: 147489 // CNNVD: CNNVD-201804-563 // NVD: CVE-2018-1275

CREDITS

and 0c0c0f.,rwx, Christoph Dreis

Trust: 0.6

sources: CNNVD: CNNVD-201804-563

SOURCES

db: VULHUB // id: VHN-122740
db: VULMON // id: CVE-2018-1275
db: BID // id: 103771
db: JVNDB // id: JVNDB-2018-003100
db: PACKETSTORM // id: 149847
db: PACKETSTORM // id: 147489
db: CNNVD // id: CNNVD-201804-563
db: NVD // id: CVE-2018-1275

LAST UPDATE DATE

2024-08-14T12:09:58.132000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-122740 // date: 2020-07-15T00:00:00
db: VULMON // id: CVE-2018-1275 // date: 2023-11-07T00:00:00
db: BID // id: 103771 // date: 2019-07-17T07:00:00
db: JVNDB // id: JVNDB-2018-003100 // date: 2018-05-14T00:00:00
db: CNNVD // id: CNNVD-201804-563 // date: 2021-10-21T00:00:00
db: NVD // id: CVE-2018-1275 // date: 2023-11-07T02:55:54.387

SOURCES RELEASE DATE

db: VULHUB // id: VHN-122740 // date: 2018-04-11T00:00:00
db: VULMON // id: CVE-2018-1275 // date: 2018-04-11T00:00:00
db: BID // id: 103771 // date: 2018-04-13T00:00:00
db: JVNDB // id: JVNDB-2018-003100 // date: 2018-05-14T00:00:00
db: PACKETSTORM // id: 149847 // date: 2018-10-18T03:51:21
db: PACKETSTORM // id: 147489 // date: 2018-05-04T01:11:44
db: CNNVD // id: CNNVD-201804-563 // date: 2018-04-12T00:00:00
db: NVD // id: CVE-2018-1275 // date: 2018-04-11T13:29:00.353