Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2018:1809
HistoryJun 07, 2018 - 8:25 a.m.

(RHSA-2018:1809) Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update

2018-06-0708:25:02
access.redhat.com
42

0.047 Low

EPSS

Percentile

92.7%

JSON

Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of RHOAR Spring Boot 1.5.13 serves as a replacement for RHOAR Spring Boot 1.5.12, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.

Security Fix(es):

  • spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)

  • spring-data: XXE with Spring Data’s XMLBeam integration (CVE-2018-1259)

  • spring-security-oauth2: Remote Code Execution with spring-security-oauth2 (CVE-2018-1260)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Related

nvd 3
f5 3
prion 3
osv 6
cvelist 3
redhatcve 3
cve 3
github 3
veracode 3
dsquare 1
ubuntucve 1
debiancve 1
ibm 4
seebug 1
redhat 2
impervablog 1
nessus 2
oracle 8
nvd
nvd
CVE-2018-1259
2018-05-11 20:29:00
CVE-2018-1260
2018-05-11 20:29:00
CVE-2018-1257
2018-05-11 20:29:00
f5
f5
K27053426 : Spring data XML vulnerability CVE-2018-1259
2018-05-29 00:00:00
K10520421 : Spring Security OAuth vulnerability CVE-2018-1260
2018-05-29 00:00:00
K31022653 : Spring Framework vulnerability CVE-2018-1257
2018-05-24 00:00:00
prion
prion
Xxe
2018-05-11 20:29:00
Remote code execution
2018-05-11 20:29:00
Code injection
2018-05-11 20:29:00
osv
osv
CVE-2018-1259
2018-05-11 20:29:00
Spring Security OAuth vulnerable to remote code execution (RCE)
2018-10-18 18:05:34
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
2018-10-17 17:23:36
cvelist
cvelist
CVE-2018-1259
2018-05-09 00:00:00
CVE-2018-1260
2018-05-09 00:00:00
CVE-2018-1257
2018-05-09 00:00:00
redhatcve
redhatcve
CVE-2018-1259
2018-05-16 15:19:19
CVE-2018-1257
2018-05-15 22:19:45
CVE-2018-1260
2018-05-30 19:19:20
cve
cve
CVE-2018-1257
2018-05-11 20:29:00
CVE-2018-1259
2018-05-11 20:29:00
CVE-2018-1260
2018-05-11 20:29:00
github
github
Denial of Service in org.springframework:spring-core
2018-10-17 20:02:20
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
2018-10-17 17:23:36
Spring Security OAuth vulnerable to remote code execution (RCE)
2018-10-18 18:05:34
veracode
veracode
XML External Entity (XXE)
2018-05-10 08:08:53
Regular Expression Denial Of Service (ReDoS)
2018-05-10 07:02:28
Remote Code Execution (RCE)
2018-05-10 06:42:48
dsquare
dsquare
Pivotal Spring Data Commons / Spring Data REST XXE File Disclosure
2018-07-27 00:00:00
ubuntucve
ubuntucve
CVE-2018-1257
2018-05-11 00:00:00
debiancve
debiancve
CVE-2018-1257
2018-05-11 20:29:00
ibm
ibm
Security Bulletin: Remote code execution vulnerability (CVE-2018-1260) affects IBM Spectrum Symphony 7.2.0.2 and 7.2.1
2018-09-25 13:15:02
Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Spring Framework
2022-05-13 14:58:22
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
2021-01-12 14:42:24
seebug
seebug
RCE with spring-security-oauth2 εˆ†ζž(CVE-2018-1260)
2018-05-11 00:00:00
redhat
redhat
(RHSA-2018:3768) Important: Red Hat Fuse 7.2 security update
2018-12-04 15:58:22
(RHSA-2018:2939) Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update
2018-10-17 19:27:11
impervablog
impervablog
Imperva Protects from New Spring Framework Zero-Day Vulnerabilities
2022-03-31 15:20:03
nessus
nessus
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
2019-04-18 00:00:00
Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
2019-05-15 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00

0.047 Low

EPSS

Percentile

92.7%

JSON
Related for RHSA-2018:1809
nvd3f53prion3osv6cvelist3redhatcve3cve3github3veracode3dsquare1ubuntucve1debiancve1ibm4seebug1redhat2impervablog1nessus2oracle8