| Revision Date: | 2018-04-06 | Version: | 1 | | Title: | CVE-2018-1270 on Ubuntu 16.04 LTS (xenial) - high. | | Description: | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2018-1270
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT libspring-aop-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-beans-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-context-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-context-support-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-core-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-expression-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-instrument-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-jdbc-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-jms-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-orm-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-oxm-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-test-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-transaction-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-web-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-web-portlet-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libspring-web-servlet-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
|
|