The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Pivotal Spring Framework

computer vulnerability bulletin CVE-2018-15801

Spring Framework: privilege escalation via JWT Issuer Validation

Synthesis of the vulnerability

An attacker can bypass restrictions via JWT Issuer Validation of Spring Framework, in order to escalate his privileges.
Impacted products: Spring Framework.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 19/12/2018.
Identifiers: CVE-2018-15801, VIGILANCE-VUL-28058.

Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-15756

Spring Framework: denial of service via Complex Range Requests

Synthesis of the vulnerability

An attacker can generate a fatal error via Complex Range Requests of Spring Framework, in order to trigger a denial of service.
Impacted products: Spring Framework.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 17/10/2018.
Identifiers: CVE-2018-15756, VIGILANCE-VUL-27548.

vulnerability CVE-2018-11040

Spring Framework: information disclosure via Cross-Domain Requests

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross-Domain Requests of Spring Framework, in order to obtain sensitive information.
Impacted products: Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, Spring Framework.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpuoct2018, CVE-2018-11040, VIGILANCE-VUL-26440.

computer vulnerability note CVE-2018-11039

Spring Framework: information disclosure via Cross Site Tracing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross Site Tracing of Spring Framework, in order to obtain sensitive information.
Impacted products: Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, Spring Framework, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Computing, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/INSIGHT, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpuoct2018, CVE-2018-11039, VIGILANCE-VUL-26439.

computer vulnerability bulletin CVE-2018-1263

Spring Integration Zip: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Spring Integration Zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Impacted products: Spring Framework.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Identifiers: CVE-2018-1263, VIGILANCE-VUL-26358.

vulnerability announce CVE-2018-1261

Spring Integration Zip: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Spring Integration Zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Impacted products: Spring Framework.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1261, VIGILANCE-VUL-26092.

vulnerability alert CVE-2018-1260

Spring Security OAuth: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Spring Security OAuth, in order to run code.
Impacted products: Spring Framework.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1260, VIGILANCE-VUL-26091.

vulnerability CVE-2018-1259

Spring Data: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to Spring Data, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Spring Framework.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1259, VIGILANCE-VUL-26090.

computer vulnerability note CVE-2018-1258

Spring Framework: privilege escalation via Spring Security Method

Synthesis of the vulnerability

An attacker can bypass restrictions via Spring Security Method of Spring Framework, in order to escalate his privileges.
Impacted products: Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, Spring Framework.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 09/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpuoct2018, CVE-2018-1258, VIGILANCE-VUL-26089.

computer vulnerability bulletin CVE-2018-1257

Spring Framework: denial of service via Spring-messaging

Synthesis of the vulnerability

An attacker can generate a fatal error via Spring-messaging of Spring Framework, in order to trigger a denial of service.
Impacted products: Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, Spring Framework, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Computing, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/INSIGHT, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpuoct2018, CVE-2018-1257, VIGILANCE-VUL-26088.
