Lucene search
Redhat.comRH:CVE-2018-1257HistoryMay 15, 2018 - 10:19 p.m.
CVE-2018-1257
2018-05-1522:19:45
redhat.com
access.redhat.com
11
EPSS
0.002
Percentile
54.1%
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
Related
prion
prion
Code injection
2018-05-11 20:29:00
debiancve
debiancve
CVE-2018-1257
2018-05-11 20:29:00
ubuntucve
ubuntucve
CVE-2018-1257
2018-05-11 00:00:00
cvelist
cvelist
CVE-2018-1257
2018-05-11 20:00:00
nvd
nvd
CVE-2018-1257
2018-05-11 20:29:00
osv
osv
CVE-2018-1257
2018-05-11 20:29:00
Denial of Service in org.springframework:spring-core
2018-10-17 20:02:20
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2018-05-10 07:02:28
cve
cve
CVE-2018-1257
2018-05-11 20:29:00
github
github
Denial of Service in org.springframework:spring-core
2018-10-17 20:02:20
f5
f5
K31022653 : Spring Framework vulnerability CVE-2018-1257
2018-05-24 00:00:00
redhat
redhat
ibm
ibm
nessus
nessus
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
2019-04-18 00:00:00
Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
2019-05-15 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00