Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
vmware / spring_framework - 4.3.16
vmware / spring_framework 5.0.0 5.0.5
oracle / retail_xstore_point_of_service 7.1 7.1.x
oracle / enterprise_manager_ops_center 12.2.2 12.2.2.x
oracle / primavera_gateway 16.2 16.2.x
oracle / primavera_gateway 15.2 15.2.x
oracle / application_testing_suite 12.5.0.3 12.5.0.3.x
oracle / retail_back_office 14.1 14.1.x
oracle / retail_back_office 14.0 14.0.x
oracle / enterprise_manager_ops_center 12.3.3 12.3.3.x
oracle / retail_open_commerce_platform 6.0.1 6.0.1.x
oracle / application_testing_suite 13.1.0.1 13.1.0.1.x
oracle / application_testing_suite 13.2.0.1 13.2.0.1.x
oracle / application_testing_suite 13.3.0.1 13.3.0.1.x
oracle / communications_diameter_signaling_router - 8.3
oracle / communications_performance_intelligence_center - 10.2.1
oracle / insurance_rules_palette 10.0 10.0.x
oracle / insurance_rules_palette 10.2 10.2.x
oracle / communications_services_gatekeeper - 6.1.0.4.0
oracle / health_sciences_information_manager 3.0 3.0.x
oracle / healthcare_master_person_index 3.0 3.0.x
oracle / healthcare_master_person_index 4.0 4.0.x
oracle / insurance_calculation_engine 10.2 10.2.x
oracle / retail_customer_insights 15.0 15.0.x
oracle / retail_customer_insights 16.0 16.0.x
oracle / tape_library_acsls 8.4 8.4.x
oracle / communications_converged_application_server - 7.0.0.1
oracle / service_architecture_leveraging_tuxedo 12.1.3.0.0 12.1.3.0.0.x
oracle / service_architecture_leveraging_tuxedo 12.2.2.0.0 12.2.2.0.0.x
oracle / retail_predictive_application_server 14.0 14.0.x
oracle / retail_predictive_application_server 14.1 14.1.x
oracle / retail_predictive_application_server 15.0 15.0.x
oracle / retail_predictive_application_server 16.0 16.0.x
oracle / retail_order_broker 5.1 5.1.x
oracle / retail_order_broker 5.2 5.2.x
oracle / retail_order_broker 15.0 15.0.x
oracle / retail_order_broker 16.0 16.0.x
oracle / retail_open_commerce_platform 5.3.0 5.3.0.x
oracle / retail_open_commerce_platform 6.0.0 6.0.0.x
oracle / insurance_calculation_engine 10.2.1 10.2.1.x
oracle / insurance_calculation_engine 10.1.1 10.1.1.x
oracle / insurance_rules_palette 10.1 10.1.x
oracle / insurance_rules_palette 11.0 11.0.x
oracle / insurance_rules_palette 11.1 11.1.x
oracle / primavera_gateway 17.12 17.12.x
oracle / big_data_discovery 1.6.0 1.6.0.x
oracle / goldengate_for_big_data 12.2.0.1 12.2.0.1.x
oracle / goldengate_for_big_data 12.3.1.1 12.3.1.1.x
oracle / goldengate_for_big_data 12.3.2.1 12.3.2.1.x
oracle / retail_integration_bus 14.0.1 14.0.1.x
oracle / retail_integration_bus 14.0.2 14.0.2.x
oracle / retail_integration_bus 14.0.3 14.0.3.x
oracle / retail_integration_bus 14.0.4 14.0.4.x
oracle / retail_integration_bus 16.0 16.0.x
oracle / retail_integration_bus 16.0.1 16.0.1.x
oracle / retail_integration_bus 16.0.2 16.0.2.x
oracle / retail_integration_bus 15.0.1 15.0.1.x
oracle / retail_integration_bus 15.0.0.1 15.0.0.1.x
oracle / retail_integration_bus 15.0.2 15.0.2.x
oracle / retail_integration_bus 14.1.1 14.1.1.x
oracle / retail_integration_bus 14.1.2 14.1.2.x
oracle / retail_integration_bus 14.1.3 14.1.3.x
oracle / retail_returns_management 14.0 14.0.x
oracle / retail_returns_management 14.1 14.1.x
oracle / retail_point-of-sale 14.0 14.0.x
oracle / retail_point-of-sale 14.1 14.1.x
oracle / retail_central_office 14.0 14.0.x
oracle / retail_central_office 14.1 14.1.x
redhat / fuse 1.0.0 1.0.0.x
debian / debian_linux 9.0 9.0.x
org.springframework / spring-core 5.0.0 5.0.5
org.springframework / spring-core - 4.3.16