oracle agile-product-lifecycle-management CVE-2018-11040 vulnerability in Oracle and Other Products
Published on June 25, 2018

product logo product logo product logo product logo
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

NVD


Products Associated with CVE-2018-11040

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-11040 are published in these products:

Oracle Agile Product Lifecycle Management
 
Oracle Application Testing Suite
 
Oracle Communications Services Gatekeeper
 
Oracle Communications Unified Inventory Management
 
Oracle Endeca Information Discovery Integrator
 
Oracle Enterprise Manager
 
Oracle Enterprise Manager Ops Center
 
Oracle Flexcube Private Banking
 
Oracle Healthcare Master Person Index
 
Oracle Hospitality Guest Access
 
Oracle Insurance Rules Palette
 
Oracle Micros Lucas
 
Oracle Mysql Enterprise Monitor
 
Oracle Product Lifecycle Management
 
Oracle Retail Customer Insights
 
Oracle Utilities Network Management System
 
Oracle Weblogic Server
 
Pivotal Software Spring Framework
 
Oracle Communications Network Integrity
 
Oracle Communications Online Mediation Controller
 
Oracle Insurance Calculation Engine
 
Oracle Retail Advanced Inventory Planning
 
Oracle Retail Clearance Optimization Engine
 
Oracle Retail Markdown Optimization
 
Oracle Retail Predictive Application Server
 
Oracle Retail Service Backbone
 
Oracle Retail Xstore Point Of Service
 
Debian Linux
 
VMware Spring Framework
 

Affected Versions

Pivotal Spring Framework:

Exploit Probability

EPSS
7.32%
Percentile
91.48%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.