Multiple vulnerabilities in Pivotal Spring Framework
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-1270 CVE-2018-1272 CVE-2018-1271 |
| CWE-ID | CWE-20 CWE-269 CWE-22 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Pivotal Spring Framework Server applications / Frameworks for developing and running applications |
| Vendor | Pivotal |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU11616
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-1270
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the spring-messaging module in Spring Frameworks due to the affected software allows a memory-based Simple/Streaming Text Orientated Messaging Protocol (STOMP) broker to expose STOMP over WebSocket endpoints. A remote attacker can send a message that submits malicious input to the broker and execute arbitrary code.
Update to version 4.3.15 or 5.0.5.
Vulnerable software versionsPivotal Spring Framework: 4.3.0 - 5.0.4
CPE2.3- cpe:2.3:a:pivotal:pivotal_spring_framework:4.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:pivotal_spring_framework:5.0.4:*:*:*:*:*:*:*
https://pivotal.io/security/cve-2018-1270
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper privilege management
EUVDB-ID: #VU11753
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1272
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to improper processing of multipart requests. A remote attacker can make a multipart request that injects malicious content to the target server, cause it to use wrong values and gain root privileges.
MitigationUpdate to versions 5.0.5 or 4.3.15.
Vulnerable software versionsPivotal Spring Framework: 4.3.0 - 5.0.4
CPE2.3https://pivotal.io/security/cve-2018-1272
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU11752
Risk: Low
CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1271
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists in the spring-webmvc module due to the improper serving of static resources from a file system on Microsoft Windows systems. A remote attacker can send a malicious request using a crafted URL, trigger directory traversal, overwrite, delete or read potentially sensitive file information.
MitigationUpdate to versions 5.0.5 or 4.3.15.
Vulnerable software versionsPivotal Spring Framework: 4.3.0 - 5.0.4
CPE2.3https://pivotal.io/security/cve-2018-1271
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
