Missing authorization in Pivotal Spring Framework - CVE-2018-1258
Published: May 15, 2018 / Updated: May 15, 2018
Vulnerability identifier: #VU12651
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1258
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Pivotal
Affected software:
Pivotal Spring Framework
Pivotal Spring Framework
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to improper security restrictions when using Spring Security method security. A remote attacker can submit a specially crafted request, bypass authorization restrictions and gain unauthorized access to certain methods that should be restricted.
The weakness exists due to improper security restrictions when using Spring Security method security. A remote attacker can submit a specially crafted request, bypass authorization restrictions and gain unauthorized access to certain methods that should be restricted.
How to mitigate CVE-2018-1258
Update to version 5.0.6.