#VU12651 Missing authorization in Pivotal Spring Framework - CVE-2018-1258
Published: May 15, 2018 / Updated: May 15, 2018
Vulnerability identifier: #VU12651
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1258
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Pivotal Spring Framework
Pivotal Spring Framework
Software vendor:
Pivotal
Pivotal
Description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to improper security restrictions when using Spring Security method security. A remote attacker can submit a specially crafted request, bypass authorization restrictions and gain unauthorized access to certain methods that should be restricted.
The weakness exists due to improper security restrictions when using Spring Security method security. A remote attacker can submit a specially crafted request, bypass authorization restrictions and gain unauthorized access to certain methods that should be restricted.
Remediation
Update to version 5.0.6.