CVE-2018-1272
Last modified
CVE-2018-1272 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. EPSS estimates a 2.84% chance of exploitation in the next 30 days.
Description
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Spring Framework | >= 4.3.0, < 4.3.15 |
| Vmware | Spring Framework | >= 5.0, < 5.0.5 |
| Oracle | Application Testing Suite | 12.5.0.3 |
| Oracle | Application Testing Suite | 13.1.0.1 |
| Oracle | Application Testing Suite | 13.2.0.1 |
| Oracle | Application Testing Suite | 13.3.0.1 |
| Oracle | Big Data Discovery | 1.6.0 |
| Oracle | Communications Converged Application Server | < 7.0.0.1 |
| Oracle | Communications Diameter Signaling Router | < 8.3 |
| Oracle | Communications Performance Intelligence Center | < 10.2.1 |
| Oracle | Communications Services Gatekeeper | < 6.1.0.4.0 |
| Oracle | Enterprise Manager Ops Center | 12.2.2 |
| Oracle | Enterprise Manager Ops Center | 12.3.3 |
| Oracle | Goldengate For Big Data | 12.2.0.1 |
| Oracle | Goldengate For Big Data | 12.3.1.1 |
| Oracle | Goldengate For Big Data | 12.3.2.1 |
| Oracle | Health Sciences Information Manager | 3.0 |
| Oracle | Healthcare Master Person Index | 3.0 |
| Oracle | Healthcare Master Person Index | 4.0 |
| Oracle | Insurance Calculation Engine | 10.1.1 |
| Oracle | Insurance Calculation Engine | 10.2 |
| Oracle | Insurance Calculation Engine | 10.2.1 |
| Oracle | Insurance Rules Palette | 10.0 |
| Oracle | Insurance Rules Palette | 10.1 |
| Oracle | Insurance Rules Palette | 10.2 |
| Oracle | Insurance Rules Palette | 11.0 |
| Oracle | Insurance Rules Palette | 11.1 |
| Oracle | Primavera Gateway | 15.2 |
| Oracle | Primavera Gateway | 16.2 |
| Oracle | Primavera Gateway | 17.12 |
| Oracle | Retail Back Office | 14.0 |
| Oracle | Retail Back Office | 14.1 |
| Oracle | Retail Central Office | 14.0 |
| Oracle | Retail Central Office | 14.1 |
| Oracle | Retail Customer Insights | 15.0 |
| Oracle | Retail Customer Insights | 16.0 |
| Oracle | Retail Integration Bus | 14.0.1 |
| Oracle | Retail Integration Bus | 14.0.2 |
| Oracle | Retail Integration Bus | 14.0.3 |
| Oracle | Retail Integration Bus | 14.0.4 |
| Oracle | Retail Integration Bus | 14.1.1 |
| Oracle | Retail Integration Bus | 14.1.2 |
| Oracle | Retail Integration Bus | 14.1.3 |
| Oracle | Retail Integration Bus | 15.0.0.1 |
| Oracle | Retail Integration Bus | 15.0.1 |
| Oracle | Retail Integration Bus | 15.0.2 |
| Oracle | Retail Integration Bus | 16.0 |
| Oracle | Retail Integration Bus | 16.0.1 |
| Oracle | Retail Integration Bus | 16.0.2 |
| Oracle | Retail Open Commerce Platform | 5.3.0 |
Showing 50 of 67 affected configurations. See NVD for the full list.
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
- http://www.securityfocus.com/bid/103697Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
- https://pivotal.io/security/cve-2018-1272Vendor Advisory
- https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
- http://www.securityfocus.com/bid/103697Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
- https://pivotal.io/security/cve-2018-1272Vendor Advisory
- https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1272?
How severe is CVE-2018-1272?
How do I fix CVE-2018-1272?
Are you affected by CVE-2018-1272?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST