<h2>Several Spring vulnerabilities</h2>
<p>Original date: 10.05.2018 &#8211; UPDATE 14.05.2018: the unzip vulnerability also affects spring-integration-zip 1.0.1 (CVE-2018-1263, see below)<br />
Overall risk classification: <span class="badge badge-danger">HIGH</span></p>
<h3>Overview</h3>
<p>Pivotal has published several severe vulnerabilities in Spring components. Your project may be affected if it uses one of the following: Spring Messaging, Spring Security, Spring Data Commons in combination with XMLBeam, Spring Security OAuth2, Spring Integration Zip or Apps Manager.</p>
<h4>CVE-2018-1257</h4>
<p>Spring Framework prior to 5.0.6 or prior to 4.3.17 lets applications expose STOMP over WebSocket endpoints through the simple in-memory broker of the spring-messaging module. An attacker can send a crafted STOMP message to that broker and trigger a regular-expression denial of service [6]. Applications that do not use spring-messaging are not affected by this CVE.</p>
<p><strong>Systems Affected</strong></p>
<ul>
<li>Spring Framework 5.0 to 5.0.5 [6]</li>
<li>Spring Framework 4.3 to 4.3.16 [6]</li>
</ul>
<h4>CVE-2018-1258</h4>
<p>Spring Framework 5.0.5.RELEASE in combination with Spring Security and method security (e.g. @PreAuthorize or @Secured annotations) contains an authorization bypass: an unauthorized user can reach methods that should be restricted [5]. The defect is in Spring Framework; the fix is Spring Framework 5.0.6.</p>
<p><strong>Systems Affected</strong></p>
<ul>
<li>Spring Framework 5.0.5 in combination with any version of Spring Security [5]</li>
</ul>
<h4>CVE-2018-1259</h4>
<p>Spring Data Commons prior to 1.13.12 or prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier, is vulnerable to XML external entity (XXE) injection. An unauthenticated remote attacker may be able to access arbitrary files on the system that the application can read [4]. Spring Data REST depends on Spring Data Commons, so the corresponding Spring Data REST releases are affected as well.</p>
<p><strong>Systems Affected</strong></p>
<ul>
<li>Spring Data Commons 1.13 to 1.13.11 (Ingalls SR11) [4]</li>
<li>Spring Data REST 2.6 to 2.6.11 (Ingalls SR11) [4]</li>
<li>Spring Data Commons 2.0 to 2.0.6 (Kay SR6) [4]</li>
<li>Spring Data REST 3.0 to 3.0.6 (Kay SR6) [4]</li>
</ul>
<h4>CVE-2018-1260</h4>
<p>Spring Security OAuth is vulnerable to remote code execution if the application acts as an authorization server (e.g. @EnableAuthorizationServer) and uses the default approval endpoint [3]. An attacker crafts an authorization request to the authorization endpoint; when the resource owner is forwarded to the default (whitelabel) approval page, the crafted parameters are evaluated as a Spring Expression Language (SpEL) expression, which leads to code execution. Applications that do not use the default approval endpoint are not affected.</p>
<p><strong>Systems Affected</strong></p>
<ul>
<li>Spring Security OAuth 2.3 to 2.3.2 [3]</li>
<li>Spring Security OAuth 2.2 to 2.2.1 [3]</li>
<li>Spring Security OAuth 2.1 to 2.1.1 [3]</li>
<li>Spring Security OAuth 2.0 to 2.0.14 [3]</li>
</ul>
<h4>CVE-2018-1261 / CVE-2018-1263</h4>
<p>If your application uses spring-integration-zip to unpack zip files from untrusted sources, an archive entry whose name contains path traversal sequences (such as ../) is written outside the intended target directory, so an attacker may write files to arbitrary locations the application process can write to [2, 7]. CVE-2018-1261 was addressed in 1.0.1.RELEASE, but that fix was incomplete; CVE-2018-1263 covers the remaining issue and is fixed in 1.0.2.RELEASE [7].</p>
<p><strong>Systems Affected</strong></p>
<ul>
<li>Spring Integration Zip Community Extension Project prior to version 1.0.2.RELEASE [7]</li>
</ul>
<h4>CVE-2018-1278</h4>
<p>If you use the Apps Manager included in Pivotal Application Service, an authorization enforcement vulnerability may let an attacker gain unauthorized access to sensitive information [1].</p>
<p><strong>Systems Affected</strong></p>
<ul>
<li>Pivotal Application Service 2.1 to 2.1.3 [1]</li>
<li>Pivotal Application Service 2.0 to 2.0.12 [1]</li>
<li>Pivotal Application Service 1.12 to 1.12.21 [1]</li>
</ul>
<h3>Threat</h3>
<p><strong>Risk</strong>: <span class="badge badge-danger">HIGH</span><br />
<strong>Exploitability</strong>: <span class="badge badge-warning">MEDIUM</span> to <span class="badge badge-danger">HIGH</span><br />
<strong>Priority</strong> (for affected, internet-exposed systems): <span class="badge badge-warning">MEDIUM</span><br />
<strong>Priority</strong> (for internal systems): <span class="badge badge-low">LOW</span></p>
<h3>Mitigation</h3>
<p>If your project uses vulnerable versions, update the affected dependencies to the fixed releases:</p>
<ul>
<li>Spring Framework 5.0.6 or 4.3.17 for CVE-2018-1257; Spring Framework 5.0.6 also fixes CVE-2018-1258 [6, 5]</li>
<li>Spring Data Commons 1.13.12 (Ingalls SR12) or 2.0.7 (Kay SR7), and Spring Data REST 2.6.12 (Ingalls SR12) or 3.0.7 (Kay SR7) [4]</li>
<li>Spring Security OAuth 2.3.3, 2.2.2, 2.1.2 or 2.0.15 [3]</li>
<li>Spring Integration Zip Community Extension Project 1.0.2 [7]</li>
<li>Pivotal Application Service 2.1.4, 2.0.13 or 1.12.22 [1]</li>
</ul>
<p>Check the resolved dependency tree, not only the versions declared directly in your build: several of these artifacts (spring-messaging, spring-data-commons, spring-security-oauth2) are commonly pulled in transitively.</p>
<h3>Author</h3>
<p>Björn Kirschner</p>
<h3>References</h3>
<p>[1] https://pivotal.io/security/cve-2018-1278<br />
[2] https://pivotal.io/security/cve-2018-1261<br />
[3] https://pivotal.io/security/cve-2018-1260<br />
[4] https://pivotal.io/security/cve-2018-1259<br />
[5] https://pivotal.io/security/cve-2018-1258<br />
[6] https://pivotal.io/security/cve-2018-1257<br />
[7] https://pivotal.io/security/cve-2018-1263</p>
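<p>The CVE-2018-1261 / CVE-2018-1263 section above describes an unzip routine that writes archive entries outside the target directory. The following Python sketch is an added example, not code from the advisory or from spring-integration-zip: the two archives are constructed in the script, and the check it shows is the generic one any extractor needs, namely resolving each entry's final path and refusing every entry that leaves the destination before a single byte is written.</p>

```python
"""Safe unzip with a path-traversal check (added example; not spring-integration-zip code).

CVE-2018-1261/CVE-2018-1263 are path-traversal ("Zip Slip") bugs in spring-integration-zip:
an entry named e.g. "../../outside.txt" escapes the destination directory. The check below
resolves each entry's final path and rejects anything that does not stay under the
destination, and it does so for the whole archive before writing anything.
"""
import io
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List


class UnsafeEntryError(ValueError):
    """A zip entry would be written outside the destination directory."""


def resolve_entry(dest_dir: Path, entry_name: str) -> Path:
    """Return the absolute path the entry would be written to, or raise UnsafeEntryError."""
    dest_root = dest_dir.resolve()
    # Zip entry names use '/' on every platform; absolute names are never acceptable.
    if entry_name.startswith(("/", "\\")):
        raise UnsafeEntryError(f"absolute entry name: {entry_name!r}")
    # resolve() collapses '..' segments, so a traversal shows up as a target outside dest_root.
    target = (dest_root / entry_name).resolve()
    if target != dest_root and dest_root not in target.parents:
        raise UnsafeEntryError(f"entry escapes destination: {entry_name!r} -> {target}")
    return target


def is_safe_entry(dest_dir, entry_name: str) -> bool:
    """Predicate form of resolve_entry(); dest_dir may be a str or Path."""
    try:
        resolve_entry(Path(dest_dir), entry_name)
        return True
    except UnsafeEntryError:
        return False


def safe_extract(archive: bytes, dest_dir: Path) -> List[str]:
    """Extract an in-memory zip; returns the written entry names relative to dest_dir.

    Every entry is validated first, so one malicious entry rejects the whole archive
    instead of leaving a half-written tree behind.
    """
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        targets = [(info, resolve_entry(dest_dir, info.filename)) for info in zf.infolist()]
        written = []
        for info, target in targets:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(dest_dir.resolve()).as_posix())
    return sorted(written)


def build_archive(entries: Dict[str, str]) -> bytes:
    """Build an in-memory zip from {entry name: content} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives, not payloads taken from the advisory.
BENIGN_ZIP = build_archive({"app/config.yml": "debug: false\n", "app/lib/a.txt": "ok"})
MALICIOUS_ZIP = build_archive({"app/readme.txt": "harmless", "../../outside.txt": "pwned"})


def demo() -> dict:
    """Extract both archives into a temporary directory and report what happened."""
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "extract"
        dest.mkdir()
        result["benign_written"] = safe_extract(BENIGN_ZIP, dest)
        try:
            safe_extract(MALICIOUS_ZIP, dest)
            result["malicious_rejected"] = False
        except UnsafeEntryError:
            result["malicious_rejected"] = True
        # Validate-first means even the harmless entry of the bad archive was never written.
        result["partial_write"] = (dest / "app" / "readme.txt").exists()
    return result


if __name__ == "__main__":
    print(demo())
```

<p>The important design choice is validating the full entry list before extracting: an extractor that checks entries one by one while writing can still be driven into creating a partially populated tree, which matters when later processing trusts whatever landed in the target directory.</p>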
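<p>The Mitigation section lists a fixed release per component. As an added example (not a Pivotal or Spring tool), the following Python script reads the output of mvn dependency:list and flags resolved artifacts that fall into the affected ranges of this advisory, including the conditional CVE-2018-1258 rule (Spring Framework exactly 5.0.5 together with Spring Security). The Maven coordinates are the author's assumption about which artifacts carry the affected modules, the sample Maven output is constructed, and CVE-2018-1278 is left out because Apps Manager is a platform component with no Maven artifact.</p>

```python
"""Flag Maven dependencies that fall into the affected ranges of this advisory.

Added example, not a Pivotal/Spring tool. Input is the text printed by
`mvn dependency:list` (a constructed sample is embedded below). Maven coordinates
are assumptions about which artifacts carry the affected modules.
"""
import re
from typing import Dict, List, NamedTuple, Tuple


class Rule(NamedTuple):
    coordinate: str  # groupId:artifactId
    series: str      # affected minor series, e.g. "5.0"
    fixed: str       # first fixed version in that series
    cve: str


# One rule per affected series from the Systems Affected lists above.
RULES: List[Rule] = [
    Rule("org.springframework:spring-messaging", "5.0", "5.0.6", "CVE-2018-1257"),
    Rule("org.springframework:spring-messaging", "4.3", "4.3.17", "CVE-2018-1257"),
    Rule("org.springframework.data:spring-data-commons", "1.13", "1.13.12", "CVE-2018-1259"),
    Rule("org.springframework.data:spring-data-commons", "2.0", "2.0.7", "CVE-2018-1259"),
    Rule("org.springframework.data:spring-data-rest-core", "2.6", "2.6.12", "CVE-2018-1259"),
    Rule("org.springframework.data:spring-data-rest-core", "3.0", "3.0.7", "CVE-2018-1259"),
    Rule("org.springframework.security.oauth:spring-security-oauth2", "2.3", "2.3.3", "CVE-2018-1260"),
    Rule("org.springframework.security.oauth:spring-security-oauth2", "2.2", "2.2.2", "CVE-2018-1260"),
    Rule("org.springframework.security.oauth:spring-security-oauth2", "2.1", "2.1.2", "CVE-2018-1260"),
    Rule("org.springframework.security.oauth:spring-security-oauth2", "2.0", "2.0.15", "CVE-2018-1260"),
    Rule("org.springframework.integration:spring-integration-zip", "1.0", "1.0.2", "CVE-2018-1261/CVE-2018-1263"),
]

# Dependency lines look like: "[INFO]    groupId:artifactId:type[:classifier]:version:scope"
DEP_LINE = re.compile(r"^\[INFO\]\s+(\S+:\S+)\s*$")


def parse_version(v: str) -> Tuple[Tuple[int, ...], bool]:
    """'5.0.5.RELEASE' -> ((5, 0, 5), True); '5.0.6.RC1' -> ((5, 0, 6), False).

    The flag says whether this is a final release: a pre-release of the fixed
    version predates the fix and is still treated as vulnerable.
    """
    parts = v.split(".")
    nums: List[int] = []
    for p in parts:
        if not p.isdigit():
            break
        nums.append(int(p))
    qualifier = ".".join(parts[len(nums):])
    return tuple(nums), qualifier in ("", "RELEASE")


def is_vulnerable(version: str, rule: Rule) -> bool:
    """True if version lies in rule.series and strictly below rule.fixed."""
    if not (version == rule.series or version.startswith(rule.series + ".")):
        return False
    nums, final = parse_version(version)
    fixed_nums, _ = parse_version(rule.fixed)
    return nums < fixed_nums or (nums == fixed_nums and not final)


def parse_dependency_list(text: str) -> Dict[str, str]:
    """Map 'groupId:artifactId' -> version from `mvn dependency:list` output."""
    deps: Dict[str, str] = {}
    for line in text.splitlines():
        m = DEP_LINE.match(line)
        if not m:
            continue
        fields = m.group(1).split(":")
        if len(fields) < 5:
            continue
        deps[f"{fields[0]}:{fields[1]}"] = fields[-2]  # version sits before the scope
    return deps


def check(deps: Dict[str, str]) -> List[str]:
    """Return one finding per (artifact, CVE) hit, plus the conditional CVE-2018-1258 rule."""
    findings = []
    for coord, version in sorted(deps.items()):
        for rule in RULES:
            if rule.coordinate == coord and is_vulnerable(version, rule):
                findings.append(f"{rule.cve}: {coord} {version} -> upgrade to {rule.fixed}")
    # CVE-2018-1258 needs Spring Framework exactly 5.0.5 together with any Spring Security artifact.
    framework_505 = [c for c, v in deps.items()
                     if c.startswith("org.springframework:spring-") and parse_version(v)[0] == (5, 0, 5)]
    uses_security = any(c.startswith("org.springframework.security:") for c in deps)
    if framework_505 and uses_security:
        findings.append("CVE-2018-1258: Spring Framework 5.0.5 with Spring Security -> upgrade Spring Framework to 5.0.6")
    return findings


# Constructed sample output of `mvn dependency:list`, not taken from a real project.
SAMPLE_MVN_OUTPUT = """\
[INFO] --- maven-dependency-plugin:3.1.1:list (default-cli) @ demo-app ---
[INFO]
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-core:jar:5.0.5.RELEASE:compile
[INFO]    org.springframework:spring-messaging:jar:5.0.5.RELEASE:compile
[INFO]    org.springframework.security:spring-security-core:jar:5.0.4.RELEASE:compile
[INFO]    org.springframework.security.oauth:spring-security-oauth2:jar:2.3.2.RELEASE:compile
[INFO]    org.springframework.integration:spring-integration-zip:jar:1.0.1.RELEASE:compile
[INFO]    org.springframework.data:spring-data-commons:jar:2.0.7.RELEASE:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.9.5:compile
"""


def demo() -> List[str]:
    """Run the check over the constructed sample; spring-data-commons 2.0.7 is already fixed."""
    return check(parse_dependency_list(SAMPLE_MVN_OUTPUT))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

<p>Run it against the real output of mvn dependency:list (or the equivalent Gradle dependency report, after adjusting the line pattern) so that transitive dependencies are covered; a check that only reads declared versions in the build file misses a spring-security-oauth2 or spring-integration-zip pulled in by a starter.</p>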