Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-1272
PUBLISHED
More InfoOfficial Page
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
View Known Exploited Vulnerability (KEV) details
Published At-06 Apr, 2018 | 13:00
Updated At-17 Sep, 2024 | 02:15
Rejected At-
▼CVE Numbering Authority (CNA)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

Affected Products
Vendor
VMware (Broadcom Inc.)Spring by Pivotal
Product
Spring Framework
Versions
Affected
  • Versions prior to 5.0.5 and 4.3.15
Problem Types
TypeCWE IDDescription
textN/ACAPEC-233 - Privilege Escalation
Type: text
CWE ID: N/A
Description: CAPEC-233 - Privilege Escalation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/103697
vdb-entry
x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:2669
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1320
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
x_refsource_MISC
https://pivotal.io/security/cve-2018-1272
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/103697
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://access.redhat.com/errata/RHSA-2018:2669
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1320
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Resource:
x_refsource_MISC
Hyperlink: https://pivotal.io/security/cve-2018-1272
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/103697
vdb-entry
x_refsource_BID
x_transferred
https://access.redhat.com/errata/RHSA-2018:2669
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1320
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
x_transferred
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
x_refsource_MISC
x_transferred
https://pivotal.io/security/cve-2018-1272
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/103697
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:2669
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:1320
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://pivotal.io/security/cve-2018-1272
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_refsource_MISC
x_transferred
Details not found