pivotalsoftware spring-framework CVE-2018-11039 vulnerability in Pivotal Software and Other Products
Published on June 25, 2018

product logo product logo product logo product logo
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

NVD


Products Associated with CVE-2018-11039

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-11039 are published in these products:

Pivotal Software Spring Framework
 
Oracle Agile Plm
 
Oracle Application Testing Suite
 
Oracle Communications Diameter Signaling Router
 
Oracle Communications Network Integrity
 
Oracle Communications Online Mediation Controller
 
Oracle Communications Performance Intelligence Center
 
Oracle Communications Services Gatekeeper
 
Oracle Communications Unified Inventory Management
 
Oracle Endeca Information Discovery Integrator
 
Oracle Enterprise Manager Base Platform
 
Oracle Enterprise Manager Mysql Database
 
Oracle Enterprise Manager Ops Center
 
Oracle Health Sciences Information Manager
 
Oracle Healthcare Master Person Index
 
Oracle Hospitality Guest Access
 
Oracle Insurance Calculation Engine
 
Oracle Insurance Rules Palette
 
Oracle Micros Lucas
 
Oracle Mysql Enterprise Monitor
 
Oracle Primavera P6 Enterprise Project Portfolio Management
 
Oracle Retail Advanced Inventory Planning
 
Oracle Retail Assortment Planning
 
Oracle Retail Clearance Optimization Engine
 
Oracle Retail Customer Insights
 
Oracle Retail Financial Integration
 
Oracle Retail Integration Bus
 
Oracle Retail Markdown Optimization
 
Oracle Retail Predictive Application Server
 
Oracle Retail Xstore Point Of Service
 
Oracle Utilities Network Management System
 
Oracle Weblogic Server
 
Debian Linux
 
VMware Spring Framework
 

Affected Versions

Pivotal Spring Framework:

Exploit Probability

EPSS
2.60%
Percentile
85.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.