CVE-2018-1270 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-1270 PUBLISHED

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

EPSS 89.95% · 99.6th percentile

Risk Scores

EPSS Score

89.95%

99.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	libspring-java	0, 4.3.11-1, 4.3.12-1

Timeline

Apr 5, 2018 CVE Published
May 29, 2018 PoC Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 21, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 1, 2023 EPSS Score
Mar 5, 2023 EPSS Score
Mar 31, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2018-1270 third-party-advisory
https://pivotal.io/security/cve-2018-1270 third-party-advisory
https://bugs.launchpad.net/ubuntu/+source/saaj/+bug/1814133 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-1270 third-party-advisory

Open in Interactive Console →