ID

VAR-201804-1676


CVE

CVE-2018-1270


TITLE

Spring Framework Vulnerabilities related to security checks

Trust: 0.8

sources: JVNDB: JVNDB-2018-003097

DESCRIPTION

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework contains a security check vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Pivotal Spring Framework is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications.

Red Hat Security Advisory

Synopsis: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
Advisory ID: RHSA-2018:2939-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2939
Issue date: 2018-10-17
CVE Names: CVE-2017-12617 CVE-2018-1260 CVE-2018-1270 CVE-2018-1271 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305 CVE-2018-1336 CVE-2018-7489

1. Summary:

An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift.

Security fix(es):

* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
* spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
* spring-framework: Possible RCE via spring messaging (CVE-2018-1270)
* spring-security-oauth: remote code execution in the authorization process (CVE-2018-1260)
* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Updating instructions and release notes may be found at: https://access.redhat.com/articles/3060411

4. Bugs fixed (https://bugzilla.redhat.com/):

1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615
1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
1564405 - CVE-2018-1270 spring-framework: Possible RCE via spring messaging
1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270
1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process
1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS

5. References:

https://access.redhat.com/security/cve/CVE-2017-12617
https://access.redhat.com/security/cve/CVE-2018-1260
https://access.redhat.com/security/cve/CVE-2018-1270
https://access.redhat.com/security/cve/CVE-2018-1271
https://access.redhat.com/security/cve/CVE-2018-1275
https://access.redhat.com/security/cve/CVE-2018-1304
https://access.redhat.com/security/cve/CVE-2018-1305
https://access.redhat.com/security/cve/CVE-2018-1336
https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

Trust: 2.16

sources: NVD: CVE-2018-1270 // JVNDB: JVNDB-2018-003097 // BID: 103696 // VULHUB: VHN-122685 // VULMON: CVE-2018-1270 // PACKETSTORM: 149847

AFFECTED PRODUCTS

vendor: vmware, model: spring framework, scope: lt, version: 4.3.16

Trust: 1.0

vendor: oracle, model: service architecture leveraging tuxedo, scope: eq, version: 12.1.3.0.0

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 15.0.2

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 10.0

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 15.0.0.1

Trust: 1.0

vendor: oracle, model: retail point-of-sale, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 11.0

Trust: 1.0

vendor: vmware, model: spring framework, scope: lt, version: 5.0.5

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.1.2

Trust: 1.0

vendor: oracle, model: retail order broker, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: retail central office, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.1.1

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: eq, version: 16.2

Trust: 1.0

vendor: oracle, model: retail order broker, scope: eq, version: 5.2

Trust: 1.0

vendor: vmware, model: spring framework, scope: gte, version: 5.0.0

Trust: 1.0

vendor: oracle, model: service architecture leveraging tuxedo, scope: eq, version: 12.2.2.0.0

Trust: 1.0

vendor: oracle, model: communications diameter signaling router, scope: lt, version: 8.3

Trust: 1.0

vendor: oracle, model: health sciences information manager, scope: eq, version: 3.0

Trust: 1.0

vendor: oracle, model: application testing suite, scope: eq, version: 12.5.0.3

Trust: 1.0

vendor: oracle, model: tape library acsls, scope: eq, version: 8.4

Trust: 1.0

vendor: oracle, model: retail back office, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: retail order broker, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.0.4

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 16.0.2

Trust: 1.0

vendor: oracle, model: communications converged application server, scope: lt, version: 7.0.0.1

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: application testing suite, scope: eq, version: 13.2.0.1

Trust: 1.0

vendor: oracle, model: enterprise manager ops center, scope: eq, version: 12.3.3

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 16.0.1

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: goldengate for big data, scope: eq, version: 12.3.2.1

Trust: 1.0

vendor: oracle, model: insurance calculation engine, scope: eq, version: 10.2

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.0.3

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: retail returns management, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 15.0.1

Trust: 1.0

vendor: oracle, model: retail open commerce platform, scope: eq, version: 6.0.1

Trust: 1.0

vendor: oracle, model: retail customer insights, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 10.2

Trust: 1.0

vendor: oracle, model: retail back office, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: application testing suite, scope: eq, version: 13.1.0.1

Trust: 1.0

vendor: redhat, model: fuse, scope: eq, version: 1.0.0

Trust: 1.0

vendor: oracle, model: goldengate for big data, scope: eq, version: 12.2.0.1

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: eq, version: 17.12

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: oracle, model: retail open commerce platform, scope: eq, version: 5.3.0

Trust: 1.0

vendor: oracle, model: retail open commerce platform, scope: eq, version: 6.0.0

Trust: 1.0

vendor: oracle, model: big data discovery, scope: eq, version: 1.6.0

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 11.1

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: primavera gateway, scope: eq, version: 15.2

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.0.1

Trust: 1.0

vendor: oracle, model: retail customer insights, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.1.3

Trust: 1.0

vendor: oracle, model: retail returns management, scope: eq, version: 14.0

Trust: 1.0

vendor: oracle, model: retail point-of-sale, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: healthcare master person index, scope: eq, version: 3.0

Trust: 1.0

vendor: oracle, model: enterprise manager ops center, scope: eq, version: 12.2.2

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 10.1

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 14.0.2

Trust: 1.0

vendor: oracle, model: communications performance intelligence center, scope: lt, version: 10.2.1

Trust: 1.0

vendor: oracle, model: retail order broker, scope: eq, version: 5.1

Trust: 1.0

vendor: oracle, model: retail xstore point of service, scope: eq, version: 7.1

Trust: 1.0

vendor: oracle, model: goldengate for big data, scope: eq, version: 12.3.1.1

Trust: 1.0

vendor: oracle, model: retail central office, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: communications services gatekeeper, scope: lt, version: 6.1.0.4.0

Trust: 1.0

vendor: oracle, model: insurance calculation engine, scope: eq, version: 10.2.1

Trust: 1.0

vendor: oracle, model: insurance calculation engine, scope: eq, version: 10.1.1

Trust: 1.0

vendor: oracle, model: healthcare master person index, scope: eq, version: 4.0

Trust: 1.0

vendor: oracle, model: application testing suite, scope: eq, version: 13.3.0.1

Trust: 1.0

vendor: pivotal, model: spring framework, scope: eq, version: 5.0.4

Trust: 0.9

vendor: pivotal, model: spring framework, scope: eq, version: 5.0.3

Trust: 0.9

vendor: pivotal, model: spring framework, scope: eq, version: 5.0.2

Trust: 0.9

vendor: pivotal, model: spring framework, scope: eq, version: 5.0.1

Trust: 0.9

vendor: pivotal, model: spring framework, scope: lt, version: 4.3

Trust: 0.8

vendor: pivotal, model: spring framework, scope: eq, version: 4.3.15

Trust: 0.8

vendor: pivotal, model: spring framework, scope: lt, version: 5.0

Trust: 0.8

vendor: pivotal, model: spring framework, scope: eq, version: 5.0.5

Trust: 0.8

vendor: pivotal, model: spring framework, scope: eq, version: 4.3.3

Trust: 0.6

vendor: pivotal, model: spring framework, scope: eq, version: 4.3.1

Trust: 0.6

vendor: pivotal, model: spring framework, scope: eq, version: 4.3.4

Trust: 0.6

vendor: pivotal, model: spring framework, scope: eq, version: 4.3.0

Trust: 0.6

vendor: pivotal, model: spring framework, scope: eq, version: 4.3.2

Trust: 0.6

vendor: pivotal, model: spring framework, scope: eq, version: 4.2.9

Trust: 0.6

vendor: pivotal, model: spring framework, scope: eq, version: 5.0

Trust: 0.3

vendor: pivotal, model: spring framework, scope: eq, version: 4.3.14

Trust: 0.3

vendor: pivotal, model: spring framework, scope: eq, version: 4.3

Trust: 0.3

vendor: pivotal, model: spring framework, scope: ne, version: 5.0.5

Trust: 0.3

vendor: pivotal, model: spring framework, scope: ne, version: 4.3.15

Trust: 0.3

sources: BID: 103696 // JVNDB: JVNDB-2018-003097 // CNNVD: CNNVD-201804-245 // NVD: CVE-2018-1270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1270
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-1270
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-245
value: CRITICAL

Trust: 0.6

VULHUB: VHN-122685
value: HIGH

Trust: 0.1

VULMON: CVE-2018-1270
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-1270
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-122685
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1270
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-1270
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-122685 // VULMON: CVE-2018-1270 // JVNDB: JVNDB-2018-003097 // CNNVD: CNNVD-201804-245 // NVD: CVE-2018-1270

PROBLEMTYPE DATA

problemtype:CWE-358

Trust: 1.9

problemtype:CWE-94

Trust: 1.0

sources: VULHUB: VHN-122685 // JVNDB: JVNDB-2018-003097 // NVD: CVE-2018-1270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-245

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201804-245

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003097

PATCH

title: CVE-2018-1270: Remote Code Execution with spring-messaging
url: https://pivotal.io/security/cve-2018-1270

Trust: 0.8

title: Pivotal Spring Framework Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83088

Trust: 0.6

title: Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182939 - Security Advisory

Trust: 0.1

title: Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cf592ea3b0a1913a29c923afe44cd4b7

Trust: 0.1

title: Red Hat: CVE-2018-1270
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-1270

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - July 2018
url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - January 2019
url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - October 2018
url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title: IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dea47d76eee003a50f853f241578c37

Trust: 0.1

title: IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=55ea315dfb69fce8383762ac64250315

Trust: 0.1

title: CVE-2018-1270
url: https://github.com/Venscor/CVE-2018-1270

Trust: 0.1

sources: VULMON: CVE-2018-1270 // JVNDB: JVNDB-2018-003097 // CNNVD: CNNVD-201804-245

EXTERNAL IDS

db: NVD, id: CVE-2018-1270

Trust: 3.0

db: BID, id: 103696

Trust: 2.0

db: EXPLOIT-DB, id: 44796

Trust: 1.7

db: JVNDB, id: JVNDB-2018-003097

Trust: 0.8

db: AUSCERT, id: ESB-2019.0544

Trust: 0.6

db: AUSCERT, id: ESB-2021.1395

Trust: 0.6

db: CNNVD, id: CNNVD-201804-245

Trust: 0.6

db: PACKETSTORM, id: 147974

Trust: 0.1

db: SEEBUG, id: SSVID-97214

Trust: 0.1

db: VULHUB, id: VHN-122685

Trust: 0.1

db: VULMON, id: CVE-2018-1270

Trust: 0.1

db: PACKETSTORM, id: 149847

Trust: 0.1

sources: VULHUB: VHN-122685 // VULMON: CVE-2018-1270 // BID: 103696 // JVNDB: JVNDB-2018-003097 // PACKETSTORM: 149847 // CNNVD: CNNVD-201804-245 // NVD: CVE-2018-1270

REFERENCES

url:http://www.securityfocus.com/bid/103696

Trust: 2.3

url:https://pivotal.io/security/cve-2018-1270

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2018:2939

Trust: 1.8

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 1.7

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.7

url:https://www.exploit-db.com/exploits/44796/

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

Trust: 1.7

url:https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3cissues.activemq.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-1270

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1270

Trust: 0.8

url:https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3cissues.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e

Trust: 0.7

url:http://www.ibm.com/support/docview.wss?uid=ibm10872142

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75922

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1395

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10872142

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-1270

Trust: 0.4

url:http://pivotal.io/

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1564405

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-1271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-12617

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1260

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-7489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1305

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-7489

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1304

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1275

Trust: 0.1

url:https://access.redhat.com/articles/3060411

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1275

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1305

Trust: 0.1

sources: VULHUB: VHN-122685 // BID: 103696 // JVNDB: JVNDB-2018-003097 // PACKETSTORM: 149847 // CNNVD: CNNVD-201804-245 // NVD: CVE-2018-1270

CREDITS

Alvaro Munoz (@pwntester) Micro Focus Fortify.

Trust: 0.3

sources: BID: 103696

SOURCES

db: VULHUB, id: VHN-122685
db: VULMON, id: CVE-2018-1270
db: BID, id: 103696
db: JVNDB, id: JVNDB-2018-003097
db: PACKETSTORM, id: 149847
db: CNNVD, id: CNNVD-201804-245
db: NVD, id: CVE-2018-1270

LAST UPDATE DATE

2024-08-14T12:56:11.765000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-122685, date: 2020-08-31T00:00:00
db: VULMON, id: CVE-2018-1270, date: 2023-11-07T00:00:00
db: BID, id: 103696, date: 2018-04-05T00:00:00
db: JVNDB, id: JVNDB-2018-003097, date: 2018-05-14T00:00:00
db: CNNVD, id: CNNVD-201804-245, date: 2021-10-21T00:00:00
db: NVD, id: CVE-2018-1270, date: 2023-11-07T02:55:54.230

SOURCES RELEASE DATE

db: VULHUB, id: VHN-122685, date: 2018-04-06T00:00:00
db: VULMON, id: CVE-2018-1270, date: 2018-04-06T00:00:00
db: BID, id: 103696, date: 2018-04-05T00:00:00
db: JVNDB, id: JVNDB-2018-003097, date: 2018-05-14T00:00:00
db: PACKETSTORM, id: 149847, date: 2018-10-18T03:51:21
db: CNNVD, id: CNNVD-201804-245, date: 2018-04-06T00:00:00
db: NVD, id: CVE-2018-1270, date: 2018-04-06T13:29:00.453