Логотип exploitDog
bind:CVE-2018-1272
Консоль
Логотип exploitDog

exploitDog

bind:CVE-2018-1272

Количество 5

Количество 5

ubuntu логотип

CVE-2018-1272

больше 7 лет назад

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVSS3: 7.5
EPSS: Низкий
redhat логотип

CVE-2018-1272

больше 7 лет назад

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVSS3: 5.3
EPSS: Низкий
nvd логотип

CVE-2018-1272

больше 7 лет назад

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVSS3: 7.5
EPSS: Низкий
debian логотип

CVE-2018-1272

больше 7 лет назад

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...

CVSS3: 7.5
EPSS: Низкий
github логотип

GHSA-4487-x383-qpph

почти 7 лет назад

Possible privilege escalation in org.springframework:spring-core

CVSS3: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVSS3: 7.5
2%
Низкий
больше 7 лет назад
redhat логотип
CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVSS3: 5.3
2%
Низкий
больше 7 лет назад
nvd логотип
CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

CVSS3: 7.5
2%
Низкий
больше 7 лет назад
debian логотип
CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...

CVSS3: 7.5
2%
Низкий
больше 7 лет назад
github логотип
GHSA-4487-x383-qpph

Possible privilege escalation in org.springframework:spring-core

CVSS3: 7.5
2%
Низкий
почти 7 лет назад

Уязвимостей на страницу