SB2018051507 - Multiple vulnerabilities in Pivotal Spring Framework

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018051507

SB2018051507 - Multiple vulnerabilities in Pivotal Spring Framework

Published: May 15, 2018 Updated: May 22, 2018

Security Bulletin ID SB2018051507
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 33% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2018-1257)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the spring-messaging module due to improper processing of messages by applications, which expose Simple Text Orientated Messaging Protocol (STOMP) over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A remote attacker can send a specially crafted message and conduct ReDoS attack.

2) Missing authorization (CVE-ID: CVE-2018-1258)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to improper security restrictions when using Spring Security method security. A remote attacker can submit a specially crafted request, bypass authorization restrictions and gain unauthorized access to certain methods that should be restricted. 

3) Improper input validation (CVE-ID: CVE-2018-1260)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of user-supplied input. A remote attacker can send a specially crafted authorization request to the target authorization endpoint and execute arbitrary code when the resource owner is forwarded to the approval endpoint.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References