Lucene search
F5F5:K31022653HistoryMay 24, 2018 - 12:00 a.m.
K31022653 : Spring Framework vulnerability CVE-2018-1257
2018-05-2400:00:00
my.f5.com
21
Security Advisory Description
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. (CVE-2018-1257)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
ibm
ibm
prion
prion
Code injection
2018-05-11 20:29:00
Information disclosure
2017-12-20 18:29:00
debiancve
debiancve
CVE-2018-1257
2018-05-11 20:29:00
ubuntucve
ubuntucve
CVE-2018-1257
2018-05-11 00:00:00
cvelist
cvelist
CVE-2018-1257
2018-05-11 20:00:00
CVE-2017-1257
2017-12-20 18:00:00
nvd
nvd
CVE-2018-1257
2018-05-11 20:29:00
CVE-2017-1257
2017-12-20 18:29:00
cve
cve
CVE-2018-1257
2018-05-11 20:29:00
CVE-2017-1257
2017-12-20 18:29:00
osv
osv
CVE-2018-1257
2018-05-11 20:29:00
Denial of Service in org.springframework:spring-core
2018-10-17 20:02:20
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2018-05-10 07:02:28
github
github
Denial of Service in org.springframework:spring-core
2018-10-17 20:02:20
redhatcve
redhatcve
CVE-2018-1257
2018-05-15 22:19:45
redhat
redhat
nessus
nessus
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
2019-04-18 00:00:00
Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
2019-05-15 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00