Signature Detail

Short Name

HTTP:MISC:PIVOTAL-STOMP-RCE

Severity

Minor

Recommended

Yes

Recommended Action

Drop

Category

HTTP

Keywords

Pivotal Spring Framework Spring Messaging Module STOMP Remote Code Execution

Release Date

2018/04/24

Update Number

3058

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Pivotal Spring Framework Spring Messaging Module STOMP Remote Code Execution

This signature detects attempts to exploit a known vulnerability in the Pivotal Spring Framework spring-messaging module. Successful exploitation could lead to code execution in the context of the vulnerable service.

Extended Description

Spring Framework versions 5.0 prior to 5.0.5, versions 4.3 prior to 4.3.16, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints backed by a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that leads to remote code execution. This CVE (CVE-2018-1275) addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Affected Products

  • Oracle application_testing_suite 12.5.0.3
  • Oracle application_testing_suite 13.1.0.1
  • Oracle application_testing_suite 13.2.0.1
  • Oracle application_testing_suite 13.3.0.1
  • Oracle big_data_discovery 1.6.0
  • Oracle communications_diameter_signaling_router 6.0
  • Oracle communications_diameter_signaling_router 8.1
  • Oracle communications_diameter_signaling_router 8.2
  • Oracle goldengate_for_big_data 12.2.0.1
  • Oracle goldengate_for_big_data 12.3.1.1
  • Oracle goldengate_for_big_data 12.3.2.1
  • Oracle healthcare_master_person_index 3.0
  • Oracle healthcare_master_person_index 4.0
  • Oracle health_sciences_information_manager 3.0
  • Oracle insurance_calculation_engine 10.1.1
  • Oracle insurance_calculation_engine 10.2
  • Oracle insurance_calculation_engine 10.2.1
  • Oracle insurance_rules_palette 10.0
  • Oracle insurance_rules_palette 10.1
  • Oracle insurance_rules_palette 10.2
  • Oracle insurance_rules_palette 11.0
  • Oracle insurance_rules_palette 11.1
  • Oracle primavera_gateway 15.2
  • Oracle primavera_gateway 16.2
  • Oracle primavera_gateway 17.12
  • Oracle retail_customer_insights 15.0
  • Oracle retail_customer_insights 16.0
  • Oracle retail_open_commerce_platform 5.3.0
  • Oracle retail_open_commerce_platform 6.0.0
  • Oracle retail_open_commerce_platform 6.0.1
  • Oracle retail_order_broker 15.0
  • Oracle retail_order_broker 16.0
  • Oracle retail_order_broker 5.1
  • Oracle retail_order_broker 5.2
  • Oracle retail_predictive_application_server 14.0
  • Oracle retail_predictive_application_server 14.1
  • Oracle retail_predictive_application_server 15.0
  • Oracle retail_predictive_application_server 16.0
  • Oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
  • Oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
  • Oracle tape_library_acsls 8.4
  • Pivotal_software spring_framework 4.3.0
  • Pivotal_software spring_framework 4.3.1
  • Pivotal_software spring_framework 4.3.10
  • Pivotal_software spring_framework 4.3.11
  • Pivotal_software spring_framework 4.3.12
  • Pivotal_software spring_framework 4.3.13
  • Pivotal_software spring_framework 4.3.14
  • Pivotal_software spring_framework 4.3.15
  • Pivotal_software spring_framework 4.3.2
  • Pivotal_software spring_framework 4.3.3
  • Pivotal_software spring_framework 4.3.4
  • Pivotal_software spring_framework 4.3.5
  • Pivotal_software spring_framework 4.3.6
  • Pivotal_software spring_framework 4.3.7
  • Pivotal_software spring_framework 4.3.8
  • Pivotal_software spring_framework 4.3.9
  • Pivotal_software spring_framework 5.0.0
  • Pivotal_software spring_framework 5.0.1
  • Pivotal_software spring_framework 5.0.2
  • Pivotal_software spring_framework 5.0.3
  • Pivotal_software spring_framework 5.0.4

References

  • BugTraq: 103696
  • BugTraq: 103771
  • CVE: CVE-2018-1270
  • CVE: CVE-2018-1275

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.