Vulnerability Database

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service (ReDoS) attack.

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Low
  • Score: 4
  • Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

No CWE or OWASP classifications available.

| Software | From | Fixed in |
| --- | --- | --- |
| vmware / spring_framework | - | 4.3.17 |
| vmware / spring_framework | 5.0.0 | 5.0.6 |
| oracle / flexcube_private_banking | 2.2.0.1 | 2.2.0.1.x |
| oracle / weblogic_server | 12.1.3.0.0 | 12.1.3.0.0.x |
| oracle / primavera_gateway | 16.2 | 16.2.x |
| oracle / primavera_gateway | 15.2 | 15.2.x |
| oracle / application_testing_suite | 12.5.0.3 | 12.5.0.3.x |
| oracle / hospitality_guest_access | 4.2.0 | 4.2.0.x |
| oracle / hospitality_guest_access | 4.2.1 | 4.2.1.x |
| oracle / weblogic_server | 10.3.6.0.0 | 10.3.6.0.0.x |
| oracle / weblogic_server | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / enterprise_manager_ops_center | 12.3.3 | 12.3.3.x |
| oracle / endeca_information_discovery_integrator | 3.2.0 | 3.2.0.x |
| oracle / endeca_information_discovery_integrator | 3.1.0 | 3.1.0.x |
| oracle / retail_open_commerce_platform | 6.0.1 | 6.0.1.x |
| oracle / application_testing_suite | 13.1.0.1 | 13.1.0.1.x |
| oracle / application_testing_suite | 13.2.0.1 | 13.2.0.1.x |
| oracle / application_testing_suite | 13.3.0.1 | 13.3.0.1.x |
| oracle / communications_diameter_signaling_router | - | 8.3 |
| oracle / communications_performance_intelligence_center | - | 10.2.1 |
| oracle / insurance_rules_palette | 10.0 | 10.0.x |
| oracle / insurance_rules_palette | 10.2 | 10.2.x |
| oracle / communications_services_gatekeeper | - | 6.1.0.4.0 |
| oracle / health_sciences_information_manager | 3.0 | 3.0.x |
| oracle / healthcare_master_person_index | 3.0 | 3.0.x |
| oracle / healthcare_master_person_index | 4.0 | 4.0.x |
| oracle / insurance_calculation_engine | 10.2 | 10.2.x |
| oracle / retail_customer_insights | 15.0 | 15.0.x |
| oracle / retail_customer_insights | 16.0 | 16.0.x |
| oracle / tape_library_acsls | 8.4 | 8.4.x |
| oracle / communications_converged_application_server | - | 7.0.0.1 |
| oracle / service_architecture_leveraging_tuxedo | 12.1.3.0.0 | 12.1.3.0.0.x |
| oracle / service_architecture_leveraging_tuxedo | 12.2.2.0.0 | 12.2.2.0.0.x |
| oracle / retail_predictive_application_server | 14.0 | 14.0.x |
| oracle / retail_predictive_application_server | 14.1 | 14.1.x |
| oracle / retail_predictive_application_server | 15.0 | 15.0.x |
| oracle / retail_predictive_application_server | 16.0 | 16.0.x |
| oracle / retail_order_broker | 5.1 | 5.1.x |
| oracle / retail_order_broker | 5.2 | 5.2.x |
| oracle / retail_order_broker | 15.0 | 15.0.x |
| oracle / retail_order_broker | 16.0 | 16.0.x |
| oracle / retail_open_commerce_platform | 5.3.0 | 5.3.0.x |
| oracle / retail_open_commerce_platform | 6.0.0 | 6.0.0.x |
| oracle / insurance_calculation_engine | 10.2.1 | 10.2.1.x |
| oracle / insurance_calculation_engine | 10.1.1 | 10.1.1.x |
| oracle / insurance_rules_palette | 10.1 | 10.1.x |
| oracle / insurance_rules_palette | 11.0 | 11.0.x |
| oracle / insurance_rules_palette | 11.1 | 11.1.x |
| oracle / primavera_gateway | 17.12 | 17.12.x |
| oracle / big_data_discovery | 1.6.0 | 1.6.0.x |
| oracle / goldengate_for_big_data | 12.2.0.1 | 12.2.0.1.x |
| oracle / goldengate_for_big_data | 12.3.1.1 | 12.3.1.1.x |
| oracle / goldengate_for_big_data | 12.3.2.1 | 12.3.2.1.x |
| oracle / enterprise_manager_for_mysql_database | 13.2 | 13.2.x |
| oracle / agile_product_lifecycle_management | 9.3.3 | 9.3.3.x |
| oracle / agile_product_lifecycle_management | 9.3.4 | 9.3.4.x |
| oracle / agile_product_lifecycle_management | 9.3.5 | 9.3.5.x |
| oracle / agile_product_lifecycle_management | 9.3.6 | 9.3.6.x |
| oracle / utilities_network_management_system | 1.12.0.3 | 1.12.0.3.x |
| oracle / enterprise_manager_base_platform | 13.2.0.0.0 | 13.2.0.0.0.x |
| oracle / enterprise_manager_base_platform | 12.1.0.5.0 | 12.1.0.5.0.x |
| oracle / enterprise_manager_base_platform | 13.3.0.0.0 | 13.3.0.0.0.x |
| oracle / flexcube_private_banking | 2.0.0.0 | 2.0.0.0.x |
| oracle / flexcube_private_banking | 12.0.1.0 | 12.0.1.0.x |
| oracle / flexcube_private_banking | 12.0.3.0 | 12.0.3.0.x |
| oracle / flexcube_private_banking | 12.1.0.0 | 12.1.0.0.x |
| oracle / communications_unified_inventory_management | 7.3.2 | 7.3.2.x |
| oracle / communications_unified_inventory_management | 7.3.4 | 7.3.4.x |
| oracle / communications_unified_inventory_management | 7.3.5 | 7.3.5.x |
| oracle / communications_unified_inventory_management | 7.4.0 | 7.4.0.x |
| org.springframework / spring-core | 5.0.0 | 5.0.6 |
| org.springframework / spring-core | - | 4.3.17 |