Vulnerability

CVE-2018-1270

 Report advisory or correction

CVSS Score 9.8 critical

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-358

References

http://www.polaris-lab.com/index.php/archives/501/
https://chybeta.github.io/2018/04/07/spring-messaging-Remote-Code-Execution-%E5%88%86%E6%9E%90-%E3%80%90CVE-2018-1270%E3%80%91/
https://jira.spring.io/browse/SPR-16588
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1270

[CVE-2018-1270] CWE-358: Improperly Implemented Security Check for Standard

Description

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

See org.springframework/spring-expression package information