Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2018:1320
HistoryMay 03, 2018 - 5:05 p.m.

(RHSA-2018:1320) Critical: Red Hat OpenShift Application Runtimes security and bug fix update

2018-05-0317:05:40
access.redhat.com
42

0.793 High

EPSS

Percentile

98.3%

JSON

Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.

Security Fix(es):

  • spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)

  • spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)

  • tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)

  • tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)

  • spring-framework: Multipart content pollution (CVE-2018-1272)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Related

thn 1
f5 3
debiancve 6
veracode 6
redhatcve 6
osv 17
nvd 6
cve 6
github 6
ubuntucve 6
checkpoint_advisories 2
prion 6
cvelist 6
kaspersky 1
tomcat 4
openvas 19
nessus 35
debian 6
fedora 2
ibm 22
freebsd 1
amazon 3
redhat 10
mageia 1
atlassian 3
centos 1
seebug 2
zdt 1
packetstorm 1
exploitdb 1
oraclelinux 1
nuclei 1
dsquare 1
ubuntu 1
checkpoint_security 1
symantec 1
oracle 3
thn
thn
Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now
2018-04-06 07:58:00
f5
f5
K29042031 : Multiple Spring Framework vulnerabilities
2018-04-07 00:00:00
K32051722 : Apache Tomcat vulnerability CVE-2018-1305
2018-03-12 00:00:00
K04623854 : Apache Tomcat vulnerability CVE-2018-1304
2018-03-12 00:00:00
debiancve
debiancve
CVE-2018-1275
2018-04-11 13:29:00
CVE-2018-1272
2018-04-06 13:29:00
CVE-2018-1270
2018-04-06 13:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-04-10 05:18:40
Privilege Escalation Through Multipart Content Pollution
2018-04-06 02:06:57
Security Constraint Bypass
2018-02-27 01:21:00
redhatcve
redhatcve
CVE-2018-1275
2018-04-09 20:20:44
CVE-2018-1272
2019-10-08 03:56:58
CVE-2018-1270
2018-04-06 08:18:54
osv
osv
CVE-2018-1275
2018-04-11 13:29:00
Improperly Implemented Security Check for Standard in org.springframework:spring-core
2018-10-17 20:28:00
tomcat7 - security update
2018-03-06 00:00:00
nvd
nvd
CVE-2018-1275
2018-04-11 13:29:00
CVE-2018-1272
2018-04-06 13:29:00
CVE-2018-1270
2018-04-06 13:29:00
cve
cve
CVE-2018-1275
2018-04-11 13:29:00
CVE-2018-1272
2018-04-06 13:29:00
CVE-2018-1270
2018-04-06 13:29:00
github
github
Improperly Implemented Security Check for Standard in org.springframework:spring-core
2018-10-17 20:28:00
Spring Framework allows applications to expose STOMP over WebSocket endpoints
2018-10-17 20:05:59
Possible privilege escalation in org.springframework:spring-core
2018-10-17 20:27:47
ubuntucve
ubuntucve
CVE-2018-1275
2018-04-11 00:00:00
CVE-2018-1272
2018-04-06 00:00:00
CVE-2018-1270
2018-04-06 00:00:00
checkpoint_advisories
checkpoint_advisories
VMware Spring Framework Remote Code Execution (CVE-2018-1270; CVE-2018-1275)
2018-04-12 00:00:00
Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)
2019-02-19 00:00:00
prion
prion
Remote code execution
2018-04-11 13:29:00
Input validation
2018-04-06 13:29:00
Remote code execution
2018-04-06 13:29:00
cvelist
cvelist
CVE-2018-1275
2018-04-09 00:00:00
CVE-2018-1272
2018-04-05 00:00:00
CVE-2018-1305
2018-02-23 00:00:00
kaspersky
kaspersky
KLA11203 Multiple vulnerabilities in Apache Tomcat
2018-02-13 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.5.28
2018-02-11 00:00:00
Fixed in Apache Tomcat 9.0.5
2018-02-11 00:00:00
Fixed in Apache Tomcat 7.0.85
2018-02-13 00:00:00
openvas
openvas
Fedora Update for tomcat FEDORA-2018-50f0da5d38
2018-04-06 00:00:00
Debian: Security Advisory (DLA-1301-1)
2018-03-26 00:00:00
Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities - Linux
2018-02-26 00:00:00
nessus
nessus
Apache Tomcat 9.0.0.M1 < 9.0.5 Insecure CGI Servlet Search Algorithm Description Weakness
2018-02-23 00:00:00
Debian DLA-1301-1 : tomcat7 security update
2018-03-07 00:00:00
Apache Tomcat 8.5.0 < 8.5.28 multiple vulnerabilities
2018-02-23 00:00:00
debian
debian
[SECURITY] [DLA 1450-1] tomcat8 security update
2018-07-29 11:57:59
[SECURITY] [DLA 1301-1] tomcat7 security update
2018-03-06 13:24:42
[SECURITY] [DLA 1400-1] tomcat7 security update
2018-06-27 20:56:21
fedora
fedora
[SECURITY] Fedora 26 Update: tomcat-8.0.50-1.fc26
2018-04-04 16:47:53
[SECURITY] Fedora 27 Update: tomcat-8.0.50-1.fc27
2018-04-04 17:10:49
ibm
ibm
Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities
2018-06-22 03:56:40
Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)
2019-02-06 22:45:01
Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat (CVE-2018-1304 and CVE-2018-1305)
2020-04-20 14:40:53
freebsd
freebsd
tomcat -- Security constraints ignored or applied too late
2018-02-23 00:00:00
amazon
amazon
Medium: tomcat7, tomcat8
2018-03-21 22:06:00
Medium: tomcat80
2018-03-21 22:08:00
Important: tomcat
2020-03-09 19:23:00
redhat
redhat
(RHSA-2018:2939) Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
2018-10-17 19:27:11
(RHSA-2019:2205) Moderate: tomcat security, bug fix, and enhancement update
2019-08-06 08:13:03
(RHSA-2018:0466) Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update
2018-03-07 15:08:21
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2018-02-28 16:55:21
atlassian
atlassian
Insecure version of Spring Web MVC used in Confluence Analytics
2020-02-19 22:31:10
Update bundled Apache Tomcat due to security vulnerabilities
2017-04-17 08:48:35
Update bundled Apache Tomcat due to security vulnerabilities
2017-04-17 08:48:35
centos
centos
tomcat security update
2019-08-30 04:27:31
seebug
seebug
spring-messaging Remote Code Execution(CVE-2018-1270)
2018-04-08 00:00:00
Apache Tomcat Security Bypass Vulnerability(CVE-2018-1305)
2018-02-27 00:00:00
zdt
zdt
Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit
2018-05-29 00:00:00
packetstorm
packetstorm
Pivotal Spring Java Framework 5.0.x Remote Code Execution
2018-05-29 00:00:00
exploitdb
exploitdb
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
2018-05-29 00:00:00
oraclelinux
oraclelinux
tomcat security, bug fix, and enhancement update
2019-08-13 00:00:00
nuclei
nuclei
Spring MVC Framework - Local File Inclusion
2020-06-03 00:53:25
dsquare
dsquare
Spring MVC File Disclosure
2018-12-28 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2018-05-30 00:00:00
checkpoint_security
checkpoint_security
Check Point Response to Spring Vulnerabilities CVE-2022-22963, CVE-2022-22946, CVE-2022-22947, CVE-2022-22965 (Spring4Shell) and CVE-2022-22950
2022-03-30 21:41:02
symantec
symantec
Apache Tomcat Vulnerabilities Jan-Aug 2018
2018-10-11 08:01:01
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
CPU July 2018
2018-07-17 00:00:00

0.793 High

EPSS

Percentile

98.3%

JSON
Related for RHSA-2018:1320
thn1f53debiancve6veracode6redhatcve6osv17nvd6cve6github6ubuntucve6checkpoint_advisories2prion6cvelist6kaspersky1tomcat4openvas19nessus35debian6fedora2ibm22freebsd1amazon3redhat10mageia1atlassian3centos1seebug2zdt1packetstorm1exploitdb1oraclelinux1nuclei1dsquare1ubuntu1checkpoint_security1symantec1oracle3