Main
Vulnerability Database
Exploits
ID:8511 - Exploit for HTTP response splitting in Pivotal Spring Data Commons - CVE-2018-1273
ID:8511 - Exploit for HTTP response splitting in Pivotal Spring Data Commons - CVE-2018-1273
Published: October 21, 2022
Vulnerability identifier: #VU11918
Vulnerability risk: High
CVE-ID: CVE-2018-1273
CWE-ID: CWE-113
Exploitation vector: Remote access
Vulnerable software:
Pivotal Spring Data Commons
Pivotal Spring Data Commons
Link to public exploit:
Vulnerability description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists due to improper neutralization of special elements. A remote attacker can supply specially crafted request parameters against Spring Data REST backed HTTP resources or use Spring Data's projection-based request payload binding hat and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to improper neutralization of special elements. A remote attacker can supply specially crafted request parameters against Spring Data REST backed HTTP resources or use Spring Data's projection-based request payload binding hat and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to versions 1.13.10 or 2.0.5.