ID

VAR-201805-1189


CVE

CVE-2018-1257


TITLE

Spring Framework Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005091

DESCRIPTION

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions, allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack.

Spring Framework contains an input validation vulnerability. Service operation may be interrupted (DoS).

Spring Framework is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Spring Framework 5.0 through 5.0.5 and 4.3 through 4.3.16 are vulnerable; other versions are also affected.

Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications.

Description: Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform. For further information, refer to the Release Notes linked to in the References section.

Security Fix(es):

* spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)
* spring-data: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)
* spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bugs fixed (https://bugzilla.redhat.com/):

1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging
1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration
1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process

Red Hat Security Advisory

Synopsis: Important: Red Hat Fuse 7.2 security update
Advisory ID: RHSA-2018:3768-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3768
Issue date: 2018-12-04
CVE Names: CVE-2016-5002 CVE-2016-5003 CVE-2017-12196 CVE-2018-1257 CVE-2018-1259 CVE-2018-1288 CVE-2018-1336 CVE-2018-8014 CVE-2018-8018 CVE-2018-8039 CVE-2018-8041 CVE-2018-12537

1. Summary:

An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently. This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):

* xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003)
* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)
* ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint (CVE-2018-8018)
* apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
* xmlrpc: XML external entity vulnerability SSRF via a crafted DTD (CVE-2016-5002)
* undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)
* spring-data-commons: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)
* kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss (CVE-2018-1288)
* tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)
* camel-mail: path traversal vulnerability (CVE-2018-8041)
* vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers (CVE-2018-12537)
* spring-framework: ReDoS Attack with spring-messaging (CVE-2018-1257)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Eedo Shapira (GE Digital) for reporting CVE-2018-8041. The CVE-2017-12196 issue was discovered by Jan Stourac (Red Hat).

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update).

4.
Bugs fixed (https://bugzilla.redhat.com/):

1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication
1508110 - CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD
1508123 - CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag
1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging
1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration
1579611 - CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
1591072 - CVE-2018-12537 vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers
1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*
1607591 - CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS
1607731 - CVE-2018-8018 ignite: Improper deserialization allows for code execution via GridClientJdkMarshaller endpoint
1611059 - CVE-2018-1288 kafka: Users can perform Broker actions via crafted fetch requests, interfering with data replication and causing data loss
1612644 - CVE-2018-8041 camel-mail: path traversal vulnerability

5.
References:

https://access.redhat.com/security/cve/CVE-2016-5002
https://access.redhat.com/security/cve/CVE-2016-5003
https://access.redhat.com/security/cve/CVE-2017-12196
https://access.redhat.com/security/cve/CVE-2018-1257
https://access.redhat.com/security/cve/CVE-2018-1259
https://access.redhat.com/security/cve/CVE-2018-1288
https://access.redhat.com/security/cve/CVE-2018-1336
https://access.redhat.com/security/cve/CVE-2018-8014
https://access.redhat.com/security/cve/CVE-2018-8018
https://access.redhat.com/security/cve/CVE-2018-8039
https://access.redhat.com/security/cve/CVE-2018-8041
https://access.redhat.com/security/cve/CVE-2018-12537
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.2.0
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/
https://access.redhat.com/articles/2939351

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

Trust: 2.25

sources: NVD: CVE-2018-1257 // JVNDB: JVNDB-2018-005091 // BID: 104260 // VULHUB: VHN-122542 // VULMON: CVE-2018-1257 // PACKETSTORM: 148079 // PACKETSTORM: 150645

AFFECTED PRODUCTS

vendor: redhat | model: openshift | scope: eq | version: -

Trust: 1.6

vendor: oracle | model: flexcube private banking | scope: eq | version: 2.0.0.0

Trust: 1.0

vendor: oracle | model: service architecture leveraging tuxedo | scope: eq | version: 12.1.3.0.0

Trust: 1.0

vendor: oracle | model: insurance rules palette | scope: eq | version: 10.0

Trust: 1.0

vendor: oracle | model: agile product lifecycle management | scope: eq | version: 9.3.5

Trust: 1.0

vendor: oracle | model: agile product lifecycle management | scope: eq | version: 9.3.4

Trust: 1.0

vendor: oracle | model: agile product lifecycle management | scope: eq | version: 9.3.6

Trust: 1.0

vendor: oracle | model: insurance rules palette | scope: eq | version: 11.0

Trust: 1.0

vendor: oracle | model: enterprise manager base platform | scope: eq | version: 13.3.0.0.0

Trust: 1.0

vendor: oracle | model: flexcube private banking | scope: eq | version: 2.2.0.1

Trust: 1.0

vendor: oracle | model: retail order broker | scope: eq | version: 15.0

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.3.2

Trust: 1.0

vendor: oracle | model: service architecture leveraging tuxedo | scope: eq | version: 12.2.2.0.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: eq | version: 16.2

Trust: 1.0

vendor: oracle | model: retail order broker | scope: eq | version: 5.2

Trust: 1.0

vendor: vmware | model: spring framework | scope: gte | version: 5.0.0

Trust: 1.0

vendor: oracle | model: weblogic server | scope: eq | version: 12.2.1.3.0

Trust: 1.0

vendor: vmware | model: spring framework | scope: lt | version: 5.0.6

Trust: 1.0

vendor: oracle | model: communications diameter signaling router | scope: lt | version: 8.3

Trust: 1.0

vendor: oracle | model: agile product lifecycle management | scope: eq | version: 9.3.3

Trust: 1.0

vendor: oracle | model: health sciences information manager | scope: eq | version: 3.0

Trust: 1.0

vendor: oracle | model: tape library acsls | scope: eq | version: 8.4

Trust: 1.0

vendor: oracle | model: enterprise manager for mysql database | scope: eq | version: 13.2

Trust: 1.0

vendor: oracle | model: retail order broker | scope: eq | version: 16.0

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 15.0

Trust: 1.0

vendor: oracle | model: communications converged application server | scope: lt | version: 7.0.0.1

Trust: 1.0

vendor: oracle | model: hospitality guest access | scope: eq | version: 4.2.0

Trust: 1.0

vendor: vmware | model: spring framework | scope: lt | version: 4.3.17

Trust: 1.0

vendor: oracle | model: application testing suite | scope: eq | version: 13.2.0.1

Trust: 1.0

vendor: oracle | model: enterprise manager ops center | scope: eq | version: 12.3.3

Trust: 1.0

vendor: oracle | model: insurance calculation engine | scope: eq | version: 10.1.1

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.3.5

Trust: 1.0

vendor: oracle | model: insurance calculation engine | scope: eq | version: 10.2.1

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: goldengate for big data | scope: eq | version: 12.3.2.1

Trust: 1.0

vendor: oracle | model: insurance calculation engine | scope: eq | version: 10.2

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 16.0

Trust: 1.0

vendor: oracle | model: retail open commerce platform | scope: eq | version: 6.0.1

Trust: 1.0

vendor: oracle | model: endeca information discovery integrator | scope: eq | version: 3.2.0

Trust: 1.0

vendor: oracle | model: insurance rules palette | scope: eq | version: 10.2

Trust: 1.0

vendor: oracle | model: retail customer insights | scope: eq | version: 15.0

Trust: 1.0

vendor: oracle | model: enterprise manager base platform | scope: eq | version: 13.2.0.0.0

Trust: 1.0

vendor: oracle | model: application testing suite | scope: eq | version: 13.1.0.1

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.4.0

Trust: 1.0

vendor: oracle | model: goldengate for big data | scope: eq | version: 12.2.0.1

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: eq | version: 17.12

Trust: 1.0

vendor: oracle | model: weblogic server | scope: eq | version: 12.1.3.0.0

Trust: 1.0

vendor: oracle | model: flexcube private banking | scope: eq | version: 12.0.3.0

Trust: 1.0

vendor: oracle | model: enterprise manager base platform | scope: eq | version: 12.1.0.5.0

Trust: 1.0

vendor: oracle | model: flexcube private banking | scope: eq | version: 12.0.1.0

Trust: 1.0

vendor: oracle | model: hospitality guest access | scope: eq | version: 4.2.1

Trust: 1.0

vendor: oracle | model: retail open commerce platform | scope: eq | version: 5.3.0

Trust: 1.0

vendor: oracle | model: big data discovery | scope: eq | version: 1.6.0

Trust: 1.0

vendor: oracle | model: retail open commerce platform | scope: eq | version: 6.0.0

Trust: 1.0

vendor: oracle | model: endeca information discovery integrator | scope: eq | version: 3.1.0

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 14.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: eq | version: 15.2

Trust: 1.0

vendor: oracle | model: utilities network management system | scope: eq | version: 1.12.0.3

Trust: 1.0

vendor: oracle | model: retail customer insights | scope: eq | version: 16.0

Trust: 1.0

vendor: oracle | model: healthcare master person index | scope: eq | version: 3.0

Trust: 1.0

vendor: oracle | model: insurance rules palette | scope: eq | version: 10.1

Trust: 1.0

vendor: oracle | model: flexcube private banking | scope: eq | version: 12.1.0.0

Trust: 1.0

vendor: oracle | model: weblogic server | scope: eq | version: 10.3.6.0.0

Trust: 1.0

vendor: oracle | model: communications performance intelligence center | scope: lt | version: 10.2.1

Trust: 1.0

vendor: oracle | model: retail order broker | scope: eq | version: 5.1

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.3.4

Trust: 1.0

vendor: oracle | model: goldengate for big data | scope: eq | version: 12.3.1.1

Trust: 1.0

vendor: oracle | model: insurance rules palette | scope: eq | version: 11.1

Trust: 1.0

vendor: oracle | model: communications services gatekeeper | scope: lt | version: 6.1.0.4.0

Trust: 1.0

vendor: oracle | model: application testing suite | scope: eq | version: 12.5.0.3

Trust: 1.0

vendor: oracle | model: healthcare master person index | scope: eq | version: 4.0

Trust: 1.0

vendor: oracle | model: application testing suite | scope: eq | version: 13.3.0.1

Trust: 1.0

vendor: pivotal | model: spring framework | scope: eq | version: 4.3.17

Trust: 0.8

vendor: red hat | model: openshift | scope: - | version: -

Trust: 0.8

vendor: pivotal | model: spring framework | scope: lt | version: 4.3.x

Trust: 0.8

vendor: pivotal | model: spring framework | scope: lt | version: 5.0.x

Trust: 0.8

vendor: pivotal | model: spring framework | scope: eq | version: 5.0.6

Trust: 0.8

vendor: pivotal | model: spring framework | scope: eq | version: 4.3

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 5.0.1

Trust: 0.3

vendor: pivotal | model: spring framework | scope: ne | version: 4.3.17

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 5.0.4

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 5.0.2

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 5.0

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 5.0.3

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 4.3.15

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 4.3.14

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 5.0.5

Trust: 0.3

vendor: pivotal | model: spring framework | scope: ne | version: 5.0.6

Trust: 0.3

vendor: pivotal | model: spring framework | scope: eq | version: 4.3.16

Trust: 0.3

sources: BID: 104260 // JVNDB: JVNDB-2018-005091 // CNNVD: CNNVD-201805-405 // NVD: CVE-2018-1257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1257
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1257
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-405
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122542
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-1257
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1257
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-122542
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1257
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-1257
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-122542 // VULMON: CVE-2018-1257 // JVNDB: JVNDB-2018-005091 // CNNVD: CNNVD-201805-405 // NVD: CVE-2018-1257

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-122542 // JVNDB: JVNDB-2018-005091 // NVD: CVE-2018-1257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-405

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104260 // CNNVD: CNNVD-201805-405

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005091

PATCH

title: CVE-2018-1257: ReDoS Attack with spring-messaging
url: https://pivotal.io/security/cve-2018-1257

Trust: 0.8

title: RHSA-2018:1809
url: https://access.redhat.com/errata/RHSA-2018:1809

Trust: 0.8

title: Pivotal Spring Framework Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80032

Trust: 0.6

title: Red Hat: Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20181809 - Security Advisory

Trust: 0.1

title: Red Hat: CVE-2018-1257
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-1257

Trust: 0.1

title: Red Hat: Important: Red Hat Fuse 7.2 security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20183768 - Security Advisory

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - January 2019
url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - October 2018
url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title: IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3dea47d76eee003a50f853f241578c37

Trust: 0.1

title: cybsec
url: https://github.com/ilmari666/cybsec

Trust: 0.1

sources: VULMON: CVE-2018-1257 // JVNDB: JVNDB-2018-005091 // CNNVD: CNNVD-201805-405

EXTERNAL IDS

db: NVD | id: CVE-2018-1257

Trust: 3.1

db: BID | id: 104260

Trust: 2.1

db: JVNDB | id: JVNDB-2018-005091

Trust: 0.8

db: CNNVD | id: CNNVD-201805-405

Trust: 0.6

db: PACKETSTORM | id: 148079

Trust: 0.2

db: VULHUB | id: VHN-122542

Trust: 0.1

db: VULMON | id: CVE-2018-1257

Trust: 0.1

db: PACKETSTORM | id: 150645

Trust: 0.1

sources: VULHUB: VHN-122542 // VULMON: CVE-2018-1257 // BID: 104260 // JVNDB: JVNDB-2018-005091 // PACKETSTORM: 148079 // PACKETSTORM: 150645 // CNNVD: CNNVD-201805-405 // NVD: CVE-2018-1257

REFERENCES

url:http://www.securityfocus.com/bid/104260

Trust: 2.4

url:https://pivotal.io/security/cve-2018-1257

Trust: 2.1

url:https://access.redhat.com/errata/rhsa-2018:1809

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2018:3768

Trust: 1.9

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1257

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1257

Trust: 0.8

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/

Trust: 0.6

url:http://pivotal.io/

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1259

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-1259

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-1257

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ilmari666/cybsec

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=57884

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=catrhoar.spring.boot&downloadtype=distributions&version=1.5.13

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1260

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1260

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5003

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-12537

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8014

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=distributions&version=7.2.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8041

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1288

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1336

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.2/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5003

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8018

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8039

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-12537

Trust: 0.1

url:https://access.redhat.com/articles/2939351

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8041

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-12196

Trust: 0.1

sources: VULHUB: VHN-122542 // VULMON: CVE-2018-1257 // BID: 104260 // JVNDB: JVNDB-2018-005091 // PACKETSTORM: 148079 // PACKETSTORM: 150645 // CNNVD: CNNVD-201805-405 // NVD: CVE-2018-1257

CREDITS

Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.

Trust: 0.3

sources: BID: 104260

SOURCES

db: VULHUB | id: VHN-122542
db: VULMON | id: CVE-2018-1257
db: BID | id: 104260
db: JVNDB | id: JVNDB-2018-005091
db: PACKETSTORM | id: 148079
db: PACKETSTORM | id: 150645
db: CNNVD | id: CNNVD-201805-405
db: NVD | id: CVE-2018-1257

LAST UPDATE DATE

2024-08-14T13:09:09.298000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-122542 | date: 2020-08-24T00:00:00
db: VULMON | id: CVE-2018-1257 | date: 2022-06-23T00:00:00
db: BID | id: 104260 | date: 2018-05-09T00:00:00
db: JVNDB | id: JVNDB-2018-005091 | date: 2018-07-05T00:00:00
db: CNNVD | id: CNNVD-201805-405 | date: 2021-10-21T00:00:00
db: NVD | id: CVE-2018-1257 | date: 2022-06-23T16:31:30.630

SOURCES RELEASE DATE

db: VULHUB | id: VHN-122542 | date: 2018-05-11T00:00:00
db: VULMON | id: CVE-2018-1257 | date: 2018-05-11T00:00:00
db: BID | id: 104260 | date: 2018-05-09T00:00:00
db: JVNDB | id: JVNDB-2018-005091 | date: 2018-07-05T00:00:00
db: PACKETSTORM | id: 148079 | date: 2018-06-07T15:16:13
db: PACKETSTORM | id: 150645 | date: 2018-12-06T02:15:34
db: CNNVD | id: CNNVD-201805-405 | date: 2018-05-14T00:00:00
db: NVD | id: CVE-2018-1257 | date: 2018-05-11T20:29:00.213