{"uuid": "045714cc-fe74-4c5d-9a28-fe95ce9b8fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "RHSA-2018:2939", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3675", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2018-1275\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.\n\ud83d\udccf Published: 2018-10-17T20:28:00Z\n\ud83d\udccf Modified: 2025-01-31T19:03:33Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2018-1275\n2. https://github.com/spring-projects/spring-framework/commit/0009806debb578e884f6dc98bd1f2dc668020021\n3. https://github.com/spring-projects/spring-framework/commit/e0de9126ed8cf25cf141d3e66420da94e350708a\n4. https://access.redhat.com/errata/RHSA-2018:1320\n5. https://access.redhat.com/errata/RHSA-2018:2939\n6. https://github.com/spring-projects/spring-framework\n7. https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E\n8. https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E\n9. https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E\n10. https://pivotal.io/security/cve-2018-1275\n11. https://web.archive.org/web/20190901081835/http://www.securitytracker.com/id/1041301\n12. https://web.archive.org/web/20200227033125/http://www.securityfocus.com/bid/103771\n13. https://www.oracle.com/security-alerts/cpujul2020.html\n14. https://www.oracle.com/security-alerts/cpuoct2021.html\n15. https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\n16. https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\n17. http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\n18. http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "creation_timestamp": "2025-01-31T19:15:57.000000Z"}