The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Spring Framework

cybersecurity bulletin CVE-2018-11040

Spring Framework: information disclosure via Cross-Domain Requests

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross-Domain Requests of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11040, VIGILANCE-VUL-26440.

security bulletin CVE-2018-11039

Spring Framework: information disclosure via Cross Site Tracing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross Site Tracing of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11039, VIGILANCE-VUL-26439.

security vulnerability CVE-2018-1263

Spring Integration Zip: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Spring Integration Zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Severity: 2/4.
Creation date: 08/06/2018.
Identifiers: CVE-2018-1263, VIGILANCE-VUL-26358.

weakness announcement CVE-2018-1261

Spring Integration Zip: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Spring Integration Zip, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Severity: 2/4.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1261, VIGILANCE-VUL-26092.

cybersecurity weakness CVE-2018-1260

Spring Security OAuth: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Spring Security OAuth, in order to run code.
Severity: 3/4.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1260, VIGILANCE-VUL-26091.

cybersecurity announcement CVE-2018-1259

Spring Data: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to Spring Data, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1259, VIGILANCE-VUL-26090.

computer threat alert CVE-2018-1258

Spring Framework: privilege escalation via Spring Security Method

Synthesis of the vulnerability

An attacker can bypass restrictions via Spring Security Method of Spring Framework, in order to escalate their privileges.
Severity: 2/4.
Creation date: 09/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-1258, DSA-2019-093, VIGILANCE-VUL-26089.

cybersecurity bulletin CVE-2018-1257

Spring Framework: denial of service via Spring-messaging

Synthesis of the vulnerability

An attacker can generate a fatal error via Spring-messaging of Spring Framework, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 09/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-1257, VIGILANCE-VUL-26088.

cybersecurity alert CVE-2018-1274

Spring Data Commons: denial of service via Unlimited Resource Allocation

Synthesis of the vulnerability

An attacker can generate a fatal error via Unlimited Resource Allocation of Spring Data Commons, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 11/04/2018.
Identifiers: CVE-2018-1274, VIGILANCE-VUL-25844.

cybersecurity note CVE-2018-1273

Spring Data Commons: code execution via Special Elements

Synthesis of the vulnerability

An attacker can use a vulnerability via Special Elements of Spring Data Commons, in order to run code.
Severity: 4/4.
Creation date: 11/04/2018.
Identifiers: CVE-2018-1273, VIGILANCE-VUL-25843.