SB2018040804 - Multiple vulnerabilities in Pivotal Spring Framework

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2018-1270)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the spring-messaging module in Spring Frameworks due to the affected software allows a memory-based Simple/Streaming Text Orientated Messaging Protocol (STOMP) broker to expose STOMP over WebSocket endpoints. A remote attacker can send a message that submits malicious input to the broker and execute arbitrary code.

2) Improper privilege management (CVE-ID: CVE-2018-1272)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists due to improper processing of multipart requests. A remote attacker can make a multipart request that injects malicious content to the target server, cause it to use wrong values and gain root privileges.

3) Path traversal (CVE-ID: CVE-2018-1271)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the spring-webmvc module due to the improper serving of static resources from a file system on Microsoft Windows systems. A remote attacker can send a malicious request using a crafted URL, trigger directory traversal, overwrite, delete or read potentially sensitive file information.

Remediation

Install update from vendor's website.

References

• https://pivotal.io/security/cve-2018-1270
• https://pivotal.io/security/cve-2018-1272
• https://pivotal.io/security/cve-2018-1271