Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1271

Опубликовано: 05 апр. 2018
Источник: redhat
CVSS3: 6.5

Описание

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8springframeworkNot affected
Red Hat JBoss A-MQ 6springOut of support scope
Red Hat JBoss BRMS 5springOut of support scope
Red Hat JBoss Data Virtualization 6springOut of support scope
Red Hat JBoss Enterprise Application Platform 5springOut of support scope
Red Hat JBoss Fuse 6springWill not fix
Red Hat JBoss Fuse Integration Service 2springAffected
Red Hat JBoss Fuse Service Works 6springOut of support scope
Red Hat JBoss SOA Platform 5springOut of support scope
Red Hat Mobile Application Platform 4springNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1571050spring-framework: Directory traversal vulnerability with static resources on Windows filesystems

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1271

CVSS3: 5.9
ubuntu
около 7 лет назад

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

nvd логотип

CVE-2018-1271

CVSS3: 5.9
nvd
около 7 лет назад

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

debian логотип

CVE-2018-1271

CVSS3: 5.9
debian
около 7 лет назад

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...

github логотип

GHSA-g8hw-794c-4j9g

CVSS3: 5.9
github
больше 6 лет назад

Path Traversal in org.springframework:spring-core

6.5 Medium

CVSS3