ID

VAR-201805-1189


CVE

CVE-2018-1257


TITLE

Spring Framework Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005091

DESCRIPTION

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Spring Framework Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Spring Framework is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. Spring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected. Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Description: Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. For further information, refer to the Release Notes linked to in the References section. Security Fix(es): * spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257) * spring-data: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259) * spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration 1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.2 security update Advisory ID: RHSA-2018:3768-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:3768 Issue date: 2018-12-04 CVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 CVE-2018-8039 CVE-2018-8041 CVE-2018-12537 ===================================================================== 1. Summary: An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently. This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003) * tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336) * ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint (CVE-2018-8018) * apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039) * xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002) * undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196) * spring-data-commons: XXE with Spring Dataas XMLBeam integration (CVE-2018-1259) * kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass (CVE-2018-1288) * tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014) * camel-mail: path traversal vulnerability (CVE-2018-8041) * vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537) * spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Eedo Shapira (GE Digital) for reporting CVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat). 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication 1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD 1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag 1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging 1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Dataas XMLBeam integration 1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins 1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers 1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* 1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS 1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint 1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data lass 1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2016-5002 https://access.redhat.com/security/cve/CVE-2016-5003 https://access.redhat.com/security/cve/CVE-2017-12196 https://access.redhat.com/security/cve/CVE-2018-1257 https://access.redhat.com/security/cve/CVE-2018-1259 https://access.redhat.com/security/cve/CVE-2018-1288 https://access.redhat.com/security/cve/CVE-2018-1336 https://access.redhat.com/security/cve/CVE-2018-8014 https://access.redhat.com/security/cve/CVE-2018-8018 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-8041 https://access.redhat.com/security/cve/CVE-2018-12537 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/ https://access.redhat.com/articles/2939351 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXAakytzjgjWX9erEAQgDkw//Wb1MeuX1VOUq4u9qkgtp3ECPTAR3GE8B RWHYBguzM+WJrDPTtgH1sy1BstIEPgVooQLTKWhZYtJpR64S5T6YAv+aFh1vA7qI 87GDERqiATIm3l8qKBBOF02FukP9ywkaH5hR+pT7tM2OuN8iZ4dvKl0Rdzs6vnhF Ea+qVCKeQlyn88HUUqYw51nBX7tbK0H1RuG7DxlU93LBYqymMIZ90KhcGeuvNPu/ BVk7xMDtbdPSagSBy5WFpTvZ/ozeYBmO7u8p9l67SiD3obR6Rtn83B3DKvL/AFP4 ahKlIrK62hk2qgXrpLQ9aVUwBMZ1Lqu99LelF20hRt38L7qy/EXtD+Xdt0H9Xl/H bcLyRvjq8pOjdrdqAvnfI5HBDdSZrxujYX9t6egoQg3wFuS9h0DbKFMXSKMSaW2S WlP4L5zbCTvhPy3mIPOECKDxP8Xa2g2HnqCal2PpHIXGVBvD0CTuxI0b7a6WKKYf dbhm5uIEhdoS/vSuHntq+o+3IzlhRNHKx2Uh+03arWYyj4N26bbKFB+v+7gjL2e9 1ITf4HXEUphym5PY0R1GGc2Xr5Xc8BjV8xX3pgvI8FcRov4XGsS37TYpvNxPmTCA e4VB2C4WS+AFhk1QJR7cNuACwUxjarIoKUp1CX5gvqu35pVgxR97KxoblGdMtR9g UOgTm4iHIhQ= =RCpd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.25

sources: NVD: CVE-2018-1257 // JVNDB: JVNDB-2018-005091 // BID: 104260 // VULHUB: VHN-122542 // VULMON: CVE-2018-1257 // PACKETSTORM: 148079 // PACKETSTORM: 150645

AFFECTED PRODUCTS

vendor:redhatmodel:openshiftscope:eqversion: -

Trust: 1.6

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.0.3.0

Trust: 1.0

vendor:oraclemodel:goldengate for big datascope:eqversion:12.2.0.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:16.2

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.3.5

Trust: 1.0

vendor:oraclemodel:insurance calculation enginescope:eqversion:10.2

Trust: 1.0

vendor:oraclemodel:big data discoveryscope:eqversion:1.6.0

Trust: 1.0

vendor:oraclemodel:retail open commerce platformscope:eqversion:6.0.0

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.3.4

Trust: 1.0

vendor:oraclemodel:goldengate for big datascope:eqversion:12.3.1.1

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.2.0.0.0

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.1.0.1

Trust: 1.0

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.1

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:5.2

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:gteversion:5.0.0

Trust: 1.0

vendor:oraclemodel:utilities network management systemscope:eqversion:1.12.0.3

Trust: 1.0

vendor:oraclemodel:endeca information discovery integratorscope:eqversion:3.1.0

Trust: 1.0

vendor:oraclemodel:enterprise manager for mysql databasescope:eqversion:13.2

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:retail open commerce platformscope:eqversion:5.3.0

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:2.0.0.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:tape library acslsscope:eqversion:8.4

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:5.1

Trust: 1.0

vendor:oraclemodel:communications performance intelligence centerscope:ltversion:10.2.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:17.12

Trust: 1.0

vendor:oraclemodel:endeca information discovery integratorscope:eqversion:3.2.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:ltversion:8.3

Trust: 1.0

vendor:oraclemodel:service architecture leveraging tuxedoscope:eqversion:12.2.2.0.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:11.1

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.2.0.1

Trust: 1.0

vendor:oraclemodel:insurance calculation enginescope:eqversion:10.2.1

Trust: 1.0

vendor:oraclemodel:service architecture leveraging tuxedoscope:eqversion:12.1.3.0.0

Trust: 1.0

vendor:oraclemodel:healthcare master person indexscope:eqversion:3.0

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:ltversion:4.3.17

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.1.0.0

Trust: 1.0

vendor:oraclemodel:agile product lifecycle managementscope:eqversion:9.3.6

Trust: 1.0

vendor:oraclemodel:retail customer insightsscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:agile product lifecycle managementscope:eqversion:9.3.4

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:2.2.0.1

Trust: 1.0

vendor:oraclemodel:goldengate for big datascope:eqversion:12.3.2.1

Trust: 1.0

vendor:oraclemodel:agile product lifecycle managementscope:eqversion:9.3.5

Trust: 1.0

vendor:oraclemodel:insurance calculation enginescope:eqversion:10.1.1

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.1

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.3.2

Trust: 1.0

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:communications services gatekeeperscope:ltversion:6.1.0.4.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.1.3.0.0

Trust: 1.0

vendor:oraclemodel:communications converged application serverscope:ltversion:7.0.0.1

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:healthcare master person indexscope:eqversion:4.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.3

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:12.5.0.3

Trust: 1.0

vendor:oraclemodel:health sciences information managerscope:eqversion:3.0

Trust: 1.0

vendor:oraclemodel:agile product lifecycle managementscope:eqversion:9.3.3

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:15.2

Trust: 1.0

vendor:oraclemodel:communications unified inventory managementscope:eqversion:7.4.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:12.1.0.5.0

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.0.1.0

Trust: 1.0

vendor:oraclemodel:retail open commerce platformscope:eqversion:6.0.1

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:ltversion:5.0.6

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.3.0.0.0

Trust: 1.0

vendor:oraclemodel:retail customer insightsscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:10.3.6.0.0

Trust: 1.0

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.17

Trust: 0.8

vendor:red hatmodel:openshiftscope: - version: -

Trust: 0.8

vendor:pivotalmodel:spring frameworkscope:ltversion:4.3.x

Trust: 0.8

vendor:pivotalmodel:spring frameworkscope:ltversion:5.0.x

Trust: 0.8

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.6

Trust: 0.8

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.1

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:neversion:4.3.17

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.4

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.2

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.3

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.15

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.14

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:5.0.5

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:neversion:5.0.6

Trust: 0.3

vendor:pivotalmodel:spring frameworkscope:eqversion:4.3.16

Trust: 0.3

sources: BID: 104260 // JVNDB: JVNDB-2018-005091 // CNNVD: CNNVD-201805-405 // NVD: CVE-2018-1257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1257
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1257
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-405
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122542
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-1257
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1257
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-122542
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1257
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-1257
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-122542 // VULMON: CVE-2018-1257 // JVNDB: JVNDB-2018-005091 // CNNVD: CNNVD-201805-405 // NVD: CVE-2018-1257

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-122542 // JVNDB: JVNDB-2018-005091 // NVD: CVE-2018-1257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-405

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104260 // CNNVD: CNNVD-201805-405

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005091

PATCH

title:CVE-2018-1257: ReDoS Attack with spring-messagingurl:https://pivotal.io/security/cve-2018-1257

Trust: 0.8

title:RHSA-2018:1809url:https://access.redhat.com/errata/RHSA-2018:1809

Trust: 0.8

title:Pivotal Spring Framework Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80032

Trust: 0.6

title:Red Hat: Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20181809 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2018-1257url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-1257

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183768 - Security Advisory

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title:IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dea47d76eee003a50f853f241578c37

Trust: 0.1

title:cybsecurl:https://github.com/ilmari666/cybsec

Trust: 0.1

sources: VULMON: CVE-2018-1257 // JVNDB: JVNDB-2018-005091 // CNNVD: CNNVD-201805-405

EXTERNAL IDS

db:NVDid:CVE-2018-1257

Trust: 3.1

db:BIDid:104260

Trust: 2.1

db:JVNDBid:JVNDB-2018-005091

Trust: 0.8

db:CNNVDid:CNNVD-201805-405

Trust: 0.6

db:PACKETSTORMid:148079

Trust: 0.2

db:VULHUBid:VHN-122542

Trust: 0.1

db:VULMONid:CVE-2018-1257

Trust: 0.1

db:PACKETSTORMid:150645

Trust: 0.1

sources: VULHUB: VHN-122542 // VULMON: CVE-2018-1257 // BID: 104260 // JVNDB: JVNDB-2018-005091 // PACKETSTORM: 148079 // PACKETSTORM: 150645 // CNNVD: CNNVD-201805-405 // NVD: CVE-2018-1257

REFERENCES

url:http://www.securityfocus.com/bid/104260

Trust: 2.4

url:https://pivotal.io/security/cve-2018-1257

Trust: 2.1

url:https://access.redhat.com/errata/rhsa-2018:1809

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2018:3768

Trust: 1.9

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1257

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1257

Trust: 0.8

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/

Trust: 0.6

url:http://pivotal.io/

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1259

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1259

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1257

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ilmari666/cybsec

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=57884

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=catrhoar.spring.boot&downloadtype=distributions&version=1.5.13

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1260

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5003

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8014

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=distributions&version=7.2.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8041

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1288

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1336

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5003

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12537

Trust: 0.1

url:https://access.redhat.com/articles/2939351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8041

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-12196

Trust: 0.1

sources: VULHUB: VHN-122542 // VULMON: CVE-2018-1257 // BID: 104260 // JVNDB: JVNDB-2018-005091 // PACKETSTORM: 148079 // PACKETSTORM: 150645 // CNNVD: CNNVD-201805-405 // NVD: CVE-2018-1257

CREDITS

Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.

Trust: 0.3

sources: BID: 104260

SOURCES

db:VULHUBid:VHN-122542
db:VULMONid:CVE-2018-1257
db:BIDid:104260
db:JVNDBid:JVNDB-2018-005091
db:PACKETSTORMid:148079
db:PACKETSTORMid:150645
db:CNNVDid:CNNVD-201805-405
db:NVDid:CVE-2018-1257

LAST UPDATE DATE

2024-11-23T20:42:50.942000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-122542date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-1257date:2022-06-23T00:00:00
db:BIDid:104260date:2018-05-09T00:00:00
db:JVNDBid:JVNDB-2018-005091date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-405date:2021-10-21T00:00:00
db:NVDid:CVE-2018-1257date:2024-11-21T03:59:28.767

SOURCES RELEASE DATE

db:VULHUBid:VHN-122542date:2018-05-11T00:00:00
db:VULMONid:CVE-2018-1257date:2018-05-11T00:00:00
db:BIDid:104260date:2018-05-09T00:00:00
db:JVNDBid:JVNDB-2018-005091date:2018-07-05T00:00:00
db:PACKETSTORMid:148079date:2018-06-07T15:16:13
db:PACKETSTORMid:150645date:2018-12-06T02:15:34
db:CNNVDid:CNNVD-201805-405date:2018-05-14T00:00:00
db:NVDid:CVE-2018-1257date:2018-05-11T20:29:00.213