[jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)

Wed, 03 Jul 2019 10:10:38 -0700 

Vipin created AMQ-7236:
--------------------------

             Summary: SEV-1 Security vulnerability in 
spring-expression-4.3.11.RELEASE.jar (spring framework) 
                 Key: AMQ-7236
                 URL: https://issues.apache.org/jira/browse/AMQ-7236
             Project: ActiveMQ
          Issue Type: Bug
    Affects Versions: 5.15.9
         Environment: Apache ActiveMQ 5.15.9
            Reporter: Vipin


Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring 
framework) can it be upgraded to spring-expression-5.1.6.RELEASE.jar

SEV-1

[CVE-2018-1270|https://vss.wellsfargo.net/vuln/CVE-2018-1270] (Spring 
Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and 
older unsupported versions, allow applications to expose STOMP over WebSocket 
endpoints with a simple, in-memory STOMP broker through the spring-messaging 
module. A malicious user (or attacker) can craft a message to the broker that 
can lead to a remote code execution attack.)

[CVE-2018-1275|https://vss.wellsfargo.net/vuln/CVE-2018-1275] (Spring 
Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and 
older unsupported versions, allow applications to expose STOMP over WebSocket 
endpoints with a simple, in-memory STOMP broker through the spring-messaging 
module. A malicious user (or attacker) can craft a message to the broker that 
can lead to a remote code execution attack. This CVE addresses the partial fix 
for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.)

 

SEV-2

[CVE-2018-1199|https://vss.wellsfargo.net/vuln/CVE-2018-1199] (Spring Security 
(Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 
5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does 
not consider URL path parameters when processing security constraints. By 
adding a URL path parameter with special encodings, an attacker may be able to 
bypass a security constraint. The root cause of this issue is a lack of clarity 
regarding the handling of path parameters in the Servlet Specification. Some 
Servlet containers include path parameters in the value returned for 
getPathInfo() and some do not. Spring Security uses the value returned by 
getPathInfo() as part of the process of mapping requests to security 
constraints. In this particular attack, different character encodings used in 
path parameters allows secured Spring MVC static resource URLs to be bypassed.)

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to