Vulnerability-Lookup

CVE-2018-1271 (GCVE-0-2018-1271)

Vulnerability from cvelistv5 – Published: 2018-04-06 13:00 – Updated: 2024-09-16 23:16

Summary

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

Severity ?

No CVSS data available.

CWE

CWE-22 - - Path Traversal

Assigner

dell

References

URL

	Vendor	Product	Version
	Spring by Pivotal	Spring Framework	Affected: Versions prior to 5.0.5 and 4.3.15

CNVD-2018-07570

Vulnerability from cnvd - Published: 2018-04-12

Title

Pivotal Spring Framework目录遍历漏洞

Description

Pivotal Spring Framework是美国Pivotal Software公司的一套开源的Java、Java EE应用程序框架。 Pivotal Spring Framework存在目录遍历漏洞。远程攻击者可以使用目录遍历字符（“..”）来访问这个包含敏感信息的任意文件。

Severity

中

Patch Name

Pivotal Spring Framework目录遍历漏洞的补丁

Patch Description

Pivotal Spring Framework是美国Pivotal Software公司的一套开源的Java、Java EE应用程序框架。 Pivotal Spring Framework存在目录遍历漏洞。远程攻击者可以使用目录遍历字符（“..”）来访问这个包含敏感信息的任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://www.anquanke.com/post/id/104401

Reference

https://www.anquanke.com/post/id/104401 https://www.securityfocus.com/bid/103699

Impacted products

Name
['Pivotal Software Spring Framework >=5.0，<=5.0.4', 'Pivotal Software Spring Framework >=4.3，<=4.3.14']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103699"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1271"
    }
  },
  "description": "Pivotal Spring Framework\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684Java\u3001Java EE\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002 \r\n\r\nPivotal Spring Framework\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u76ee\u5f55\u904d\u5386\u5b57\u7b26\uff08\u201c..\u201d\uff09\u6765\u8bbf\u95ee\u8fd9\u4e2a\u5305\u542b\u654f\u611f\u4fe1\u606f\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Orange Tsai (@orange_8361) from DEVCORE",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.anquanke.com/post/id/104401",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07570",
  "openTime": "2018-04-12",
  "patchDescription": "Pivotal Spring Framework\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684Java\u3001Java EE\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002 \r\n\r\nPivotal Spring Framework\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u76ee\u5f55\u904d\u5386\u5b57\u7b26\uff08\u201c..\u201d\uff09\u6765\u8bbf\u95ee\u8fd9\u4e2a\u5305\u542b\u654f\u611f\u4fe1\u606f\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Spring Framework\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software Spring Framework \u003e=5.0\uff0c\u003c=5.0.4",
      "Pivotal Software Spring Framework \u003e=4.3\uff0c\u003c=4.3.14"
    ]
  },
  "referenceLink": "https://www.anquanke.com/post/id/104401\r\nhttps://www.securityfocus.com/bid/103699",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-12",
  "title": "Pivotal Spring Framework\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

GSD-2018-1271

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1271

Aliases

CVE-2018-1271

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1271",
    "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.",
    "id": "GSD-2018-1271",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:2939",
      "https://access.redhat.com/errata/RHSA-2018:2669",
      "https://access.redhat.com/errata/RHSA-2018:1320"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1271"
      ],
      "details": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.",
      "id": "GSD-2018-1271",
      "modified": "2023-12-13T01:22:36.923200Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2018-04-05T00:00:00",
        "ID": "CVE-2018-1271",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Spring Framework",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions prior to 5.0.5 and 4.3.15"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Spring by Pivotal"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-22 - Path Traversal"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "103699",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103699"
          },
          {
            "name": "RHSA-2018:2669",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2669"
          },
          {
            "name": "RHSA-2018:2939",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2939"
          },
          {
            "name": "RHSA-2018:1320",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:1320"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "refsource": "CONFIRM",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "https://pivotal.io/security/cve-2018-1271",
            "refsource": "CONFIRM",
            "url": "https://pivotal.io/security/cve-2018-1271"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[5.0.0,5.0.5),(,4.3.15)",
          "affected_versions": "All versions starting from 5.0.0 before 5.0.5, all versions before 4.3.15",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2021-10-21",
          "description": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.",
          "fixed_versions": [
            "4.3.15"
          ],
          "identifier": "CVE-2018-1271",
          "identifiers": [
            "GHSA-g8hw-794c-4j9g",
            "CVE-2018-1271"
          ],
          "not_impacted": "All versions before 5.0.0, all versions starting from 4.3.15 before 5.0.5",
          "package_slug": "maven/org.springframework/spring-core",
          "pubdate": "2018-10-17",
          "solution": "Upgrade to version 4.3.15 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1271",
            "https://access.redhat.com/errata/RHSA-2018:1320",
            "https://access.redhat.com/errata/RHSA-2018:2669",
            "https://access.redhat.com/errata/RHSA-2018:2939",
            "https://github.com/advisories/GHSA-g8hw-794c-4j9g",
            "https://pivotal.io/security/cve-2018-1271",
            "https://www.oracle.com/security-alerts/cpujul2020.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "http://www.securityfocus.com/bid/103699",
            "https://www.oracle.com/security-alerts/cpuoct2021.html"
          ],
          "uuid": "f6e70e49-3d85-44aa-b06a-99807e69663a"
        },
        {
          "affected_range": "(,4.2.9.RELEASE],[4.3.0.RELEASE,4.3.15.RELEASE),[5.0.RELEASE,5.0.5.RELEASE)",
          "affected_versions": "All versions up to 4.2.9.RELEASE, all versions starting from 4.3.0.RELEASE before 4.3.15.RELEASE, all versions starting from 5.0.RELEASE before 5.0.5.RELEASE",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2019-07-23",
          "description": "Spring Framework allows applications to configure Spring MVC to serve static resources (e.g., CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the `ServletContext`), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.",
          "fixed_versions": [
            "4.3.15.RELEASE",
            "5.0.5.RELEASE"
          ],
          "identifier": "CVE-2018-1271",
          "identifiers": [
            "CVE-2018-1271"
          ],
          "not_impacted": "All versions after 4.2.9.RELEASE before 4.3.0.RELEASE, all versions starting from 4.3.15.RELEASE before 5.0.RELEASE, all versions starting from 5.0.5.RELEASE",
          "package_slug": "maven/org.springframework/spring-webmvc",
          "pubdate": "2018-04-06",
          "solution": "Upgrade to versions 4.3.15.RELEASE, 5.0.5.RELEASE or above.",
          "title": "Path Traversal",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1271",
            "http://www.securityfocus.com/bid/103699",
            "https://pivotal.io/security/cve-2018-1271"
          ],
          "uuid": "845de233-9ecb-4c15-94df-416d79ffaa76"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.5",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.15",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.0.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.1",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-1271"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2018-1271",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://pivotal.io/security/cve-2018-1271"
            },
            {
              "name": "103699",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103699"
            },
            {
              "name": "RHSA-2018:1320",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1320"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "RHSA-2018:2669",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2669"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "RHSA-2018:2939",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2939"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-23T16:33Z",
      "publishedDate": "2018-04-06T13:29Z"
    }
  }
}

FKIE_CVE-2018-1271

Vulnerability from fkie_nvd - Published: 2018-04-06 13:29 - Updated: 2024-11-21 03:59

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch, Third Party Advisory
security_alert@emc.com	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch, Third Party Advisory
security_alert@emc.com	http://www.securityfocus.com/bid/103699	Third Party Advisory, VDB Entry
security_alert@emc.com	https://access.redhat.com/errata/RHSA-2018:1320	Third Party Advisory
security_alert@emc.com	https://access.redhat.com/errata/RHSA-2018:2669	Third Party Advisory
security_alert@emc.com	https://access.redhat.com/errata/RHSA-2018:2939	Third Party Advisory
security_alert@emc.com	https://pivotal.io/security/cve-2018-1271	Vendor Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
security_alert@emc.com	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103699	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:1320	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2669	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2939	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://pivotal.io/security/cve-2018-1271	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
vmware	spring_framework	*
vmware	spring_framework	*
oracle	application_testing_suite	12.5.0.3
oracle	application_testing_suite	13.1.0.1
oracle	application_testing_suite	13.2.0.1
oracle	application_testing_suite	13.3.0.1
oracle	big_data_discovery	1.6.0
oracle	communications_converged_application_server	*
oracle	communications_diameter_signaling_router	*
oracle	communications_performance_intelligence_center	*
oracle	communications_policy_management	12.5.0
oracle	communications_services_gatekeeper	*
oracle	enterprise_manager_ops_center	12.2.2
oracle	enterprise_manager_ops_center	12.3.3
oracle	goldengate_for_big_data	12.2.0.1
oracle	goldengate_for_big_data	12.3.1.1
oracle	goldengate_for_big_data	12.3.2.1
oracle	health_sciences_information_manager	3.0
oracle	healthcare_master_person_index	3.0
oracle	healthcare_master_person_index	4.0
oracle	insurance_calculation_engine	*
oracle	insurance_calculation_engine	10.1.1
oracle	insurance_calculation_engine	10.2
oracle	insurance_calculation_engine	10.2.1
oracle	insurance_rules_palette	10.0
oracle	insurance_rules_palette	10.1
oracle	insurance_rules_palette	10.2
oracle	insurance_rules_palette	11.0
oracle	insurance_rules_palette	11.1
oracle	primavera_gateway	15.2
oracle	primavera_gateway	16.2
oracle	primavera_gateway	17.12
oracle	rapid_planning	12.1
oracle	rapid_planning	12.2
oracle	retail_back_office	14.0
oracle	retail_back_office	14.1
oracle	retail_central_office	14.0
oracle	retail_central_office	14.1
oracle	retail_customer_insights	15.0
oracle	retail_customer_insights	16.0
oracle	retail_integration_bus	14.0.1
oracle	retail_integration_bus	14.0.2
oracle	retail_integration_bus	14.0.3
oracle	retail_integration_bus	14.0.4
oracle	retail_integration_bus	14.1.1
oracle	retail_integration_bus	14.1.2
oracle	retail_integration_bus	14.1.3
oracle	retail_integration_bus	15.0.0.1
oracle	retail_integration_bus	15.0.1
oracle	retail_integration_bus	15.0.2
oracle	retail_integration_bus	16.0
oracle	retail_integration_bus	16.0.1
oracle	retail_integration_bus	16.0.2
oracle	retail_open_commerce_platform	5.3.0
oracle	retail_open_commerce_platform	6.0.0
oracle	retail_open_commerce_platform	6.0.1
oracle	retail_order_broker	5.1
oracle	retail_order_broker	5.2
oracle	retail_order_broker	15.0
oracle	retail_order_broker	16.0
oracle	retail_point-of-sale	14.0
oracle	retail_point-of-sale	14.1
oracle	retail_predictive_application_server	14.0
oracle	retail_predictive_application_server	14.1
oracle	retail_predictive_application_server	15.0
oracle	retail_predictive_application_server	16.0
oracle	retail_returns_management	14.0
oracle	retail_returns_management	14.1
oracle	retail_xstore_point_of_service	7.1
oracle	service_architecture_leveraging_tuxedo	12.1.3.0.0
oracle	service_architecture_leveraging_tuxedo	12.2.2.0.0
oracle	tape_library_acsls	8.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD987888-3DB7-4BE3-A830-9F915F3C81DF",
              "versionEndExcluding": "4.3.15",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2CC334-AFF8-41D4-9FBD-88C8FF9DA406",
              "versionEndExcluding": "5.0.5",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22847CAE-3C2C-4C2E-9D2E-47DB4091442E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5A9AB-3DE0-4496-82E5-A2DB5CFDAA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E484D25-1753-42A1-9658-8E9CCE8E3568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEAFF40-B0C7-4B05-A655-B3F93055FBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF4C859-616D-44F9-BE76-589A4E6E8BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8CE753D-A090-47DE-8EF0-8FDE07576E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BAFB538-A395-4C4D-83F7-CD453C0DFB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0CA26F-41D3-433F-9C17-1A4F5066F184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27C4D75-3927-4D07-BE16-4204F641A453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A6CF77-09DF-43FD-833A-8DAAE016717A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07630491-0624-4C5C-A858-C5D3CDCD1B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CA11F-F718-43E5-ADB9-6C348C75E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "632E9828-907F-4F2C-81D5-A74A6DDA2748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "274999E6-18ED-46F0-8CF2-56374B3DF174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, as\u00ed como versiones m\u00e1s antiguas no soportadas, permite que las aplicaciones configuren Spring MVC para que sirva recursos est\u00e1ticos (por ejemplo, CSS, JS o im\u00e1genes). Cuando se sirven recursos est\u00e1ticos desde un sistema de archivos en Windows (en contraposici\u00f3n a classpath o a ServletContext), un usuario malicioso puede enviar una petici\u00f3n mediante una URL especialmente manipulada que puede llevar a un ataque de salto de directorio."
    }
  ],
  "id": "CVE-2018-1271",
  "lastModified": "2024-11-21T03:59:30.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-06T13:29:00.500",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103699"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1271"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-G8HW-794C-4J9G

Vulnerability from github – Published: 2018-10-17 20:07 – Updated: 2024-03-07 21:32

Summary

Path Traversal in org.springframework:spring-core

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.3.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-1271"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:36:29Z",
    "nvd_published_at": "2018-04-06T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.",
  "id": "GHSA-g8hw-794c-4j9g",
  "modified": "2024-03-07T21:32:20Z",
  "published": "2018-10-17T20:07:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1271"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/0e28bee0f155b9bf240b4bafc4646e4810cb23f8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/13356a7ee2240f740737c5c83bdccdacc30603ab"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/695bf2961feffd35b5560ccc982a2189dcca611f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/91b803a2310344d925e5d4b1709bbcea90375548"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/98ad23bef8e2e04143f8f5b201380543a8d8c0c3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/b9ebdaaf3710db473a2e1fec8641c316483a22aa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/f046a066eceefa0799d1bc89bd6e1318f39bdf69"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/f59ea610dfcf55cd0b42f6dd76a9b3dab0218aaa"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2018-1271"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-g8hw-794c-4j9g"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103699"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Path Traversal in org.springframework:spring-core"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1271 (GCVE-0-2018-1271)

CNVD-2018-07570

GSD-2018-1271

FKIE_CVE-2018-1271

GHSA-G8HW-794C-4J9G

Tags

Sightings

Nomenclature