Multiple vulnerabilities in Pivotal Spring Framework
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-1257 CVE-2018-1258 CVE-2018-1260 |
| CWE-ID | CWE-20 CWE-862 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Pivotal Spring Framework Server applications / Frameworks for developing and running applications Spring Security OAuth Server applications / Frameworks for developing and running applications |
| Vendor | Pivotal |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU12650
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-1257
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the spring-messaging module due to improper processing of messages by applications, which expose Simple Text Orientated Messaging Protocol (STOMP) over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A remote attacker can send a specially crafted message and conduct ReDoS attack.
Update to version 5.0.6 or 4.3.17.
Vulnerable software versionsPivotal Spring Framework: 4.3.0 - 5.0.5
CPE2.3- cpe:2.3:a:pivotal:pivotal_spring_framework:4.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:pivotal_spring_framework:5.0.5:*:*:*:*:*:*:*
https://pivotal.io/security/cve-2018-1257
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing authorization
EUVDB-ID: #VU12651
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1258
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to improper security restrictions when using Spring Security method security. A remote attacker can submit a specially crafted request, bypass authorization restrictions and gain unauthorized access to certain methods that should be restricted.
Update to version 5.0.6.
Vulnerable software versionsPivotal Spring Framework: 5.0.0 - 5.0.5
CPE2.3https://pivotal.io/security/cve-2018-1258
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU12919
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-1260
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied input. A remote attacker can send a specially crafted authorization request to the target authorization endpoint and execute arbitrary code when the resource owner is forwarded to the approval endpoint.
Successful exploitation of the vulnerability may result in system compromise.
Update to versions 2.3.3, 2.2.2, 2.1.2 or 2.0.15.
Vulnerable software versionsSpring Security OAuth: 2.0 - 2.3.2
CPE2.3- cpe:2.3:a:pivotal:spring_security_oauth:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:spring_security_oauth:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal:spring_security_oauth:2.0.2:*:*:*:*:*:*:*
https://pivotal.io/security/cve-2018-1260
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
