CVE-2018-1270

CVSS v3.1 9.8 (Critical)
CVSS v2.0 7.5 (High)
EPSS 76.38 % (98th)
Affected Products 28
Advisories 1

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Weaknesses
CWE-358
Improperly Implemented Security Check for Standard
CWE-94
Improper Control of Generation of Code ('Code Injection')
Related CVEs
CVE Status
PUBLISHED
CNA
Dell
Published Date
2018-04-06 13:29:00
(6 years ago)
Updated Date
2023-11-07 02:55:54
(10 months ago)

Affected Products


Configuration #1

    Product (affected versions)    CPE 2.3    Version range (From / Up To)
  Vmware Spring Framework prior 4.3.16 version cpe:2.3:a:vmware:spring_framework < 4.3.16
  Vmware Spring Framework from 5.0.0 version and prior 5.0.5 version cpe:2.3:a:vmware:spring_framework >= 5.0.0 < 5.0.5

Configuration #2

    Product (affected versions)    CPE 2.3    Version range (From / Up To)
  Oracle Application Testing Suite 12.5.0.3 cpe:2.3:a:oracle:application_testing_suite:12.5.0.3
  Oracle Application Testing Suite 13.1.0.1 cpe:2.3:a:oracle:application_testing_suite:13.1.0.1
  Oracle Application Testing Suite 13.2.0.1 cpe:2.3:a:oracle:application_testing_suite:13.2.0.1
  Oracle Application Testing Suite 13.3.0.1 cpe:2.3:a:oracle:application_testing_suite:13.3.0.1
  Oracle Big Data Discovery 1.6.0 cpe:2.3:a:oracle:big_data_discovery:1.6.0
  Oracle Communications Converged Application Server prior 7.0.0.1 version cpe:2.3:a:oracle:communications_converged_application_server < 7.0.0.1
  Oracle Communications Diameter Signaling Router prior 8.3 version cpe:2.3:a:oracle:communications_diameter_signaling_router < 8.3
  Oracle Communications Performance Intelligence Center prior 10.2.1 version cpe:2.3:a:oracle:communications_performance_intelligence_center < 10.2.1
  Oracle Communications Services Gatekeeper prior 6.1.0.4.0 version cpe:2.3:a:oracle:communications_services_gatekeeper < 6.1.0.4.0
  Oracle Enterprise Manager Ops Center 12.2.2 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2
  Oracle Enterprise Manager Ops Center 12.3.3 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3
  Oracle Goldengate for Big Data 12.2.0.1 cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1
  Oracle Goldengate for Big Data 12.3.1.1 cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1
  Oracle Goldengate for Big Data 12.3.2.1 cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1
  Oracle Health Sciences Information Manager 3.0 cpe:2.3:a:oracle:health_sciences_information_manager:3.0
  Oracle Healthcare Master Person Index 3.0 cpe:2.3:a:oracle:healthcare_master_person_index:3.0
  Oracle Healthcare Master Person Index 4.0 cpe:2.3:a:oracle:healthcare_master_person_index:4.0
  Oracle Insurance Calculation Engine 10.1.1 cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1
  Oracle Insurance Calculation Engine 10.2 cpe:2.3:a:oracle:insurance_calculation_engine:10.2
  Oracle Insurance Calculation Engine 10.2.1 cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1
  Oracle Insurance Rules Palette 10.0 cpe:2.3:a:oracle:insurance_rules_palette:10.0
  Oracle Insurance Rules Palette 10.1 cpe:2.3:a:oracle:insurance_rules_palette:10.1
  Oracle Insurance Rules Palette 10.2 cpe:2.3:a:oracle:insurance_rules_palette:10.2
  Oracle Insurance Rules Palette 11.0 cpe:2.3:a:oracle:insurance_rules_palette:11.0
  Oracle Insurance Rules Palette 11.1 cpe:2.3:a:oracle:insurance_rules_palette:11.1
  Oracle Primavera Gateway 15.2 cpe:2.3:a:oracle:primavera_gateway:15.2
  Oracle Primavera Gateway 16.2 cpe:2.3:a:oracle:primavera_gateway:16.2
  Oracle Primavera Gateway 17.12 cpe:2.3:a:oracle:primavera_gateway:17.12
  Oracle Retail Back Office 14.0 cpe:2.3:a:oracle:retail_back_office:14.0
  Oracle Retail Back Office 14.1 cpe:2.3:a:oracle:retail_back_office:14.1
  Oracle Retail Central Office 14.0 cpe:2.3:a:oracle:retail_central_office:14.0
  Oracle Retail Central Office 14.1 cpe:2.3:a:oracle:retail_central_office:14.1
  Oracle Retail Customer Insights 15.0 cpe:2.3:a:oracle:retail_customer_insights:15.0
  Oracle Retail Customer Insights 16.0 cpe:2.3:a:oracle:retail_customer_insights:16.0
  Oracle Retail Integration Bus 14.0.1 cpe:2.3:a:oracle:retail_integration_bus:14.0.1
  Oracle Retail Integration Bus 14.0.2 cpe:2.3:a:oracle:retail_integration_bus:14.0.2
  Oracle Retail Integration Bus 14.0.3 cpe:2.3:a:oracle:retail_integration_bus:14.0.3
  Oracle Retail Integration Bus 14.0.4 cpe:2.3:a:oracle:retail_integration_bus:14.0.4
  Oracle Retail Integration Bus 14.1.1 cpe:2.3:a:oracle:retail_integration_bus:14.1.1
  Oracle Retail Integration Bus 14.1.2 cpe:2.3:a:oracle:retail_integration_bus:14.1.2
  Oracle Retail Integration Bus 14.1.3 cpe:2.3:a:oracle:retail_integration_bus:14.1.3
  Oracle Retail Integration Bus 15.0.0.1 cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1
  Oracle Retail Integration Bus 15.0.1 cpe:2.3:a:oracle:retail_integration_bus:15.0.1
  Oracle Retail Integration Bus 15.0.2 cpe:2.3:a:oracle:retail_integration_bus:15.0.2
  Oracle Retail Integration Bus 16.0 cpe:2.3:a:oracle:retail_integration_bus:16.0
  Oracle Retail Integration Bus 16.0.1 cpe:2.3:a:oracle:retail_integration_bus:16.0.1
  Oracle Retail Integration Bus 16.0.2 cpe:2.3:a:oracle:retail_integration_bus:16.0.2
  Oracle Retail Open Commerce Platform 5.3.0 cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0
  Oracle Retail Open Commerce Platform 6.0.0 cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0
  Oracle Retail Open Commerce Platform 6.0.1 cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1
  Oracle Retail Order Broker 5.1 cpe:2.3:a:oracle:retail_order_broker:5.1
  Oracle Retail Order Broker 5.2 cpe:2.3:a:oracle:retail_order_broker:5.2
  Oracle Retail Order Broker 15.0 cpe:2.3:a:oracle:retail_order_broker:15.0
  Oracle Retail Order Broker 16.0 cpe:2.3:a:oracle:retail_order_broker:16.0
  Oracle Retail Point-of-sale 14.0 cpe:2.3:a:oracle:retail_point-of-sale:14.0
  Oracle Retail Point-of-sale 14.1 cpe:2.3:a:oracle:retail_point-of-sale:14.1
  Oracle Retail Predictive Application Server 14.0 cpe:2.3:a:oracle:retail_predictive_application_server:14.0
  Oracle Retail Predictive Application Server 14.1 cpe:2.3:a:oracle:retail_predictive_application_server:14.1
  Oracle Retail Predictive Application Server 15.0 cpe:2.3:a:oracle:retail_predictive_application_server:15.0
  Oracle Retail Predictive Application Server 16.0 cpe:2.3:a:oracle:retail_predictive_application_server:16.0
  Oracle Retail Returns Management 14.0 cpe:2.3:a:oracle:retail_returns_management:14.0
  Oracle Retail Returns Management 14.1 cpe:2.3:a:oracle:retail_returns_management:14.1
  Oracle Retail Xstore Point Of Service 7.1 cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1
  Oracle Service Architecture Leveraging Tuxedo 12.1.3.0.0 cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0
  Oracle Service Architecture Leveraging Tuxedo 12.2.2.0.0 cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0
  Oracle Tape Library Acsls 8.4 cpe:2.3:a:oracle:tape_library_acsls:8.4

Configuration #3

    Product (affected versions)    CPE 2.3    Version range (From / Up To)
  Redhat Fuse 1.0.0 cpe:2.3:a:redhat:fuse:1.0.0

Configuration #4

    Product (affected versions)    CPE 2.3    Version range (From / Up To)
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0