CVE-2018-1275

Published: Apr 11, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Vendor: Spring by Pivotal
Product: Spring Framework
Versions: prior to 5.0.5 and 4.3.16 (affected)

Weaknesses (CWE)
