Oval Definition:oval:com.ubuntu.trusty:def:20181257000
Revision Date:2018-05-11Version:1
Title:CVE-2018-1257 on Ubuntu 14.04 LTS (trusty) - low.
Description:Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-1257
Platform(s):Ubuntu 14.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 14.04 LTS (trusty) is installed.
  • AND The vulnerability of the 'libspring-java' package in trusty is not known (status: 'needs-triage'). It is pending evaluation.
  • BACK