First published: Thu Jun 14 2018
Pivotal Spring Framework is vulnerable to cross-site tracing (XST), caused by a flaw in the HiddenHttpMethodFilter in Spring MVC. By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to make the victim's browser issue a TRACE request that returns sensitive header information, including cookies or authentication data, from third-party domains.
Credit: security_alert@emc.com
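The fixed releases listed in the table (4.3.18 and 5.0.7) close this by accepting only PUT, PATCH and DELETE as override values, so a form field naming any other verb leaves the request a plain POST. The filter below is an added illustration written for this page, not Spring's own HiddenHttpMethodFilter; it assumes the javax.servlet 4.0 API (default `init`/`destroy`) and Java 9+, and uses Spring's default parameter name `_method`.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Illustrative method-override filter (not Spring's HiddenHttpMethodFilter).
 * A hidden form field may only promote a POST to PUT, PATCH or DELETE; any
 * other value, TRACE included, is ignored and the request stays a POST.
 */
public class SafeMethodOverrideFilter implements Filter {

    /** Spring's default name for the hidden method field. */
    static final String METHOD_PARAM = "_method";

    /** The only verbs an HTML form cannot send natively. TRACE is deliberately absent. */
    static final Set<String> ALLOWED = Set.of("PUT", "PATCH", "DELETE");

    /** Returns the effective method: the override if it is allowed, otherwise the original. */
    static String resolveMethod(String originalMethod, String overrideParam) {
        if (!"POST".equals(originalMethod) || overrideParam == null || overrideParam.isEmpty()) {
            return originalMethod;
        }
        String candidate = overrideParam.trim().toUpperCase(Locale.ENGLISH);
        return ALLOWED.contains(candidate) ? candidate : originalMethod;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String effective = resolveMethod(http.getMethod(), http.getParameter(METHOD_PARAM));
        if (effective.equals(http.getMethod())) {
            chain.doFilter(req, res); // no valid override: pass the request through unchanged
            return;
        }
        // Only an allow-listed verb ever reaches the wrapper.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public String getMethod() { return effective; }
        }, res);
    }
}
```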
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM GDE | <=3.0.0.2 | |
| maven/org.springframework:spring-web | >=4.3.0<4.3.18 | 4.3.18 |
| maven/org.springframework:spring-web | >=5.0.0<5.0.7 | 5.0.7 |
| VMware Spring Framework | <4.3.18 | |
| VMware Spring Framework | >=5.0.0<5.0.7 | |
| Oracle Agile PLM | =9.3.3 | |
| Oracle Agile PLM | =9.3.4 | |
| Oracle Agile PLM | =9.3.5 | |
| Oracle Agile PLM | =9.3.6 | |
| Oracle Application Testing Suite | =12.5.0.3 | |
| Oracle Application Testing Suite | =13.1.0.1 | |
| Oracle Application Testing Suite | =13.2.0.1 | |
| Oracle Application Testing Suite | =13.3.0.1 | |
| Oracle Communications Diameter Signaling Router | <8.3 | |
| Oracle Communications Network Integrity | >=7.3.2<=7.3.6 | |
| Oracle Communications Online Mediation Controller | =6.1 | |
| Oracle Communications Performance Intelligence Center | <10.2.1 | |
| Oracle Communications Services Gatekeeper | <6.1.0.4.0 | |
| Oracle Communications Unified Inventory Management | =7.3.2 | |
| Oracle Communications Unified Inventory Management | =7.3.4 | |
| Oracle Communications Unified Inventory Management | =7.3.5 | |
| Oracle Communications Unified Inventory Management | =7.4.0 | |
| Oracle Endeca Information Discovery Integrator | =3.1.0 | |
| Oracle Endeca Information Discovery Integrator | =3.2.0 | |
| Oracle Enterprise Manager Base Platform | =12.1.0.5.0 | |
| Oracle Enterprise Manager Base Platform | =13.2.0.0.0 | |
| Oracle Enterprise Manager Base Platform | =13.3.0.0.0 | |
| Oracle Enterprise Manager For Mysql Database | =13.2 | |
| Oracle Enterprise Manager Ops Center | =12.3.3 | |
| Oracle Health Sciences Information Manager | =3.0 | |
| Oracle Healthcare Master Person Index | =3.0 | |
| Oracle Healthcare Master Person Index | =4.0 | |
| Oracle Hospitality Guest Access | =4.2.0 | |
| Oracle Hospitality Guest Access | =4.2.1 | |
| Oracle Insurance Calculation Engine | >=11.0.0<=11.3.1 | |
| Oracle Insurance Calculation Engine | =10.2 | |
| Oracle Insurance Rules Palette | =10.0 | |
| Oracle Insurance Rules Palette | =10.2 | |
| Oracle Micros Lucas | =2.9.5 | |
| Oracle Mysql Enterprise Monitor | <=3.4.9.4237 | |
| Oracle Mysql Enterprise Monitor | >=4.0.0<=4.0.6.5281 | |
| Oracle Mysql Enterprise Monitor | >=8.0.0<=8.0.2.8191 | |
| Oracle Primavera P6 Enterprise Project Portfolio Management | =18.8 | |
| Oracle Retail Advanced Inventory Planning | =15.0 | |
| Oracle Retail Assortment Planning | =14.1 | |
| Oracle Retail Assortment Planning | =15.0 | |
| Oracle Retail Assortment Planning | =16.0 | |
| Oracle Retail Clearance Optimization Engine | =14.0.5 | |
| Oracle Retail Customer Insights | =15.0 | |
| Oracle Retail Customer Insights | =16.0 | |
| Oracle Retail Financial Integration | =13.2 | |
| Oracle Retail Financial Integration | =14.0 | |
| Oracle Retail Financial Integration | =14.1 | |
| Oracle Retail Financial Integration | =15.0 | |
| Oracle Retail Financial Integration | =16.0 | |
| Oracle Retail Integration Bus | =14.1.2 | |
| Oracle Retail Markdown Optimization | =13.4.4 | |
| Oracle Retail Predictive Application Server | =14.0.3.26 | |
| Oracle Retail Predictive Application Server | =14.1.3.37 | |
| Oracle Retail Predictive Application Server | =15.0.3..100 | |
| Oracle Retail Predictive Application Server | =16.0 | |
| Oracle Retail Xstore Point of Service | =7.1 | |
| Oracle Utilities Network Management System | =1.12.0.3 | |
| Oracle WebLogic Server | =10.3.6.0.0 | |
| Oracle WebLogic Server | =12.1.3.0.0 | |
| Oracle WebLogic Server | =12.2.1.3.0 | |
| Debian Debian Linux | =9.0 | |