oracle agile-product-lifecycle-management CVE-2018-1257 vulnerability in Oracle and Other Products
Published on May 11, 2018

product logo product logo product logo product logo
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2018-1257

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-1257 are published in these products:

Oracle Agile Product Lifecycle Management
 
Oracle Application Testing Suite
 
Oracle Big Data Discovery
 
Oracle Communications Converged Application Server
 
Oracle Communications Diameter Signaling Router
 
Oracle Communications Performance Intelligence Center
 
Oracle Communications Services Gatekeeper
 
Oracle Communications Unified Inventory Management
 
Oracle Endeca Information Discovery Integrator
 
Oracle Enterprise Manager Base Platform
 
Oracle Enterprise Manager Mysql Database
 
Oracle Enterprise Manager Ops Center
 
Oracle Flexcube Private Banking
 
Oracle Goldengate For Big Data
 
Oracle Healthcare Master Person Index
 
Oracle Health Sciences Information Manager
 
Oracle Hospitality Guest Access
 
Oracle Insurance Calculation Engine
 
Oracle Insurance Rules Palette
 
Oracle Primavera Gateway
 
Oracle Retail Customer Insights
 
Oracle Retail Open Commerce Platform
 
Oracle Retail Order Broker
 
Oracle Retail Predictive Application Server
 
Oracle Service Architecture Leveraging Tuxedo
 
Oracle Tape Library Acsls
 
Oracle Utilities Network Management System
 
Oracle Weblogic Server
 
Pivotal Software Spring Framework
 
Red Hat Openshift
 
VMware Spring Framework
 

Affected Versions

Pivotal Spring Framework Version 5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17 is affected by CVE-2018-1257

Exploit Probability

EPSS
1.33%
Percentile
79.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.