Remote code execution

2018-04-1113:29:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.793 High

EPSS

Percentile

98.3%

JSON

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

CPENameOperatorVersion
application_testing_suiteeq12.5.0.3
application_testing_suiteeq13.1.0.1
application_testing_suiteeq13.2.0.1
application_testing_suiteeq13.3.0.1
big_data_discoveryeq1.6.0
communications_converged_application_serverlt7.0.0.1
communications_diameter_signaling_routerlt8.3
communications_performance_intelligence_centerlt10.2.1
communications_services_gatekeeperlt6.1.0.4.0
goldengate_for_big_dataeq12.2.0.1

Name	Operator	Version
application_testing_suite	eq	12.5.0.3
application_testing_suite	eq	13.1.0.1
application_testing_suite	eq	13.2.0.1
application_testing_suite	eq	13.3.0.1
big_data_discovery	eq	1.6.0
communications_converged_application_server	lt	7.0.0.1
communications_diameter_signaling_router	lt	8.3
communications_performance_intelligence_center	lt	10.2.1
communications_services_gatekeeper	lt	6.1.0.4.0
goldengate_for_big_data	eq	12.2.0.1