CVE-2018-1257

First published: Wed May 09 2018(Updated: )

Pivotal Spring Framework is vulnerable to a denial of service. By sending a specially-crafted message, a remote attacker could exploit this vulnerability to perform a regular expression denial of service attack.

Credit: security_alert@emc.com security_alert@emc.com

Affected Software	Affected Version	How to fix
IBM GDE	<=3.0.0.2
redhat/spring-framework	<5.0.6	5.0.6
redhat/spring-framework	<4.3.17	4.3.17
maven/org.springframework:spring-core	<4.3.17	4.3.17
maven/org.springframework:spring-core	>=5.0.0<5.0.6	5.0.6
VMware Spring Framework	<4.3.17
VMware Spring Framework	>=5.0.0<5.0.6
Redhat Openshift
Oracle Agile Product Lifecycle Management	=9.3.3
Oracle Agile Product Lifecycle Management	=9.3.4
Oracle Agile Product Lifecycle Management	=9.3.5
Oracle Agile Product Lifecycle Management	=9.3.6
Oracle Application Testing Suite	=12.5.0.3
Oracle Application Testing Suite	=13.1.0.1
Oracle Application Testing Suite	=13.2.0.1
Oracle Application Testing Suite	=13.3.0.1
Oracle Big Data Discovery	=1.6.0
Oracle Communications Converged Application Server	<7.0.0.1
Oracle Communications Diameter Signaling Router	<8.3
Oracle Communications Performance Intelligence Center	<10.2.1
Oracle Communications Services Gatekeeper	<6.1.0.4.0
Oracle Communications Unified Inventory Management	=7.3.2
Oracle Communications Unified Inventory Management	=7.3.4
Oracle Communications Unified Inventory Management	=7.3.5
Oracle Communications Unified Inventory Management	=7.4.0
Oracle Endeca Information Discovery Integrator	=3.1.0
Oracle Endeca Information Discovery Integrator	=3.2.0
Oracle Enterprise Manager Base Platform	=12.1.0.5.0
Oracle Enterprise Manager Base Platform	=13.2.0.0.0
Oracle Enterprise Manager Base Platform	=13.3.0.0.0
Oracle Enterprise Manager For Mysql Database	=13.2
Oracle Enterprise Manager Ops Center	=12.3.3
Oracle FLEXCUBE Private Banking	=2.0.0.0
Oracle FLEXCUBE Private Banking	=2.2.0.1
Oracle FLEXCUBE Private Banking	=12.0.1.0
Oracle FLEXCUBE Private Banking	=12.0.3.0
Oracle FLEXCUBE Private Banking	=12.1.0.0
Oracle Goldengate For Big Data	=12.2.0.1
Oracle Goldengate For Big Data	=12.3.1.1
Oracle Goldengate For Big Data	=12.3.2.1
Oracle Health Sciences Information Manager	=3.0
Oracle Healthcare Master Person Index	=3.0
Oracle Healthcare Master Person Index	=4.0
Oracle Hospitality Guest Access	=4.2.0
Oracle Hospitality Guest Access	=4.2.1
Oracle Insurance Calculation Engine	=10.1.1
Oracle Insurance Calculation Engine	=10.2
Oracle Insurance Calculation Engine	=10.2.1
Oracle Insurance Rules Palette	=10.0
Oracle Insurance Rules Palette	=10.1
Oracle Insurance Rules Palette	=10.2
Oracle Insurance Rules Palette	=11.0
Oracle Insurance Rules Palette	=11.1
Oracle Primavera Gateway	=15.2
Oracle Primavera Gateway	=16.2
Oracle Primavera Gateway	=17.12
Oracle Retail Customer Insights	=15.0
Oracle Retail Customer Insights	=16.0
Oracle Retail Open Commerce Platform	=5.3.0
Oracle Retail Open Commerce Platform	=6.0.0
Oracle Retail Open Commerce Platform	=6.0.1
Oracle Retail Order Broker	=5.1
Oracle Retail Order Broker	=5.2
Oracle Retail Order Broker	=15.0
Oracle Retail Order Broker	=16.0
Oracle Retail Predictive Application Server	=14.0
Oracle Retail Predictive Application Server	=14.1
Oracle Retail Predictive Application Server	=15.0
Oracle Retail Predictive Application Server	=16.0
Oracle Service Architecture Leveraging Tuxedo	=12.1.3.0.0
Oracle Service Architecture Leveraging Tuxedo	=12.2.2.0.0
Oracle Tape Library Acsls	=8.4
Oracle Utilities Network Management System	=1.12.0.3
Oracle WebLogic Server	=10.3.6.0.0
Oracle WebLogic Server	=12.1.3.0.0
Oracle WebLogic Server	=12.2.1.3.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6403331

agent/type
agent/first-publish-date
agent/remedy
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-1257
agent/software-canonical-lookup
agent/severity
agent/references
agent/event
agent/author
collector/github-advisory-latest
source/GitHub
alias/GHSA-rcpf-vj53-7h2m
agent/last-modified-date
collector/github-advisory
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
agent/softwarecombine
collector/ibm-support
source/IBM
agent/tags
collector/mitre-cve
source/MITRE
package-manager/redhat
package-manager/maven
vendor/vmware
canonical/vmware spring framework
version/vmware spring framework/5.0.0
vendor/redhat
canonical/redhat openshift
vendor/oracle
canonical/oracle agile product lifecycle management
version/oracle agile product lifecycle management/9.3.3
version/oracle agile product lifecycle management/9.3.4
version/oracle agile product lifecycle management/9.3.5
version/oracle agile product lifecycle management/9.3.6
canonical/oracle application testing suite
version/oracle application testing suite/12.5.0.3
version/oracle application testing suite/13.1.0.1
version/oracle application testing suite/13.2.0.1
version/oracle application testing suite/13.3.0.1
canonical/oracle big data discovery
version/oracle big data discovery/1.6.0
canonical/oracle communications converged application server
canonical/oracle communications diameter signaling router
canonical/oracle communications performance intelligence center
canonical/oracle communications services gatekeeper
canonical/oracle communications unified inventory management
version/oracle communications unified inventory management/7.3.2
version/oracle communications unified inventory management/7.3.4
version/oracle communications unified inventory management/7.3.5
version/oracle communications unified inventory management/7.4.0
canonical/oracle endeca information discovery integrator
version/oracle endeca information discovery integrator/3.1.0
version/oracle endeca information discovery integrator/3.2.0
canonical/oracle enterprise manager base platform
version/oracle enterprise manager base platform/12.1.0.5.0
version/oracle enterprise manager base platform/13.2.0.0.0
version/oracle enterprise manager base platform/13.3.0.0.0
canonical/oracle enterprise manager for mysql database
version/oracle enterprise manager for mysql database/13.2
canonical/oracle enterprise manager ops center
version/oracle enterprise manager ops center/12.3.3
canonical/oracle flexcube private banking
version/oracle flexcube private banking/2.0.0.0
version/oracle flexcube private banking/2.2.0.1
version/oracle flexcube private banking/12.0.1.0
version/oracle flexcube private banking/12.0.3.0
version/oracle flexcube private banking/12.1.0.0
canonical/oracle goldengate for big data
version/oracle goldengate for big data/12.2.0.1
version/oracle goldengate for big data/12.3.1.1
version/oracle goldengate for big data/12.3.2.1
canonical/oracle health sciences information manager
version/oracle health sciences information manager/3.0
canonical/oracle healthcare master person index
version/oracle healthcare master person index/3.0
version/oracle healthcare master person index/4.0
canonical/oracle hospitality guest access
version/oracle hospitality guest access/4.2.0
version/oracle hospitality guest access/4.2.1
canonical/oracle insurance calculation engine
version/oracle insurance calculation engine/10.1.1
version/oracle insurance calculation engine/10.2
version/oracle insurance calculation engine/10.2.1
canonical/oracle insurance rules palette
version/oracle insurance rules palette/10.0
version/oracle insurance rules palette/10.1
version/oracle insurance rules palette/10.2
version/oracle insurance rules palette/11.0
version/oracle insurance rules palette/11.1
canonical/oracle primavera gateway
version/oracle primavera gateway/15.2
version/oracle primavera gateway/16.2
version/oracle primavera gateway/17.12
canonical/oracle retail customer insights
version/oracle retail customer insights/15.0
version/oracle retail customer insights/16.0
canonical/oracle retail open commerce platform
version/oracle retail open commerce platform/5.3.0
version/oracle retail open commerce platform/6.0.0
version/oracle retail open commerce platform/6.0.1
canonical/oracle retail order broker
version/oracle retail order broker/5.1
version/oracle retail order broker/5.2
version/oracle retail order broker/15.0
version/oracle retail order broker/16.0
canonical/oracle retail predictive application server
version/oracle retail predictive application server/14.0
version/oracle retail predictive application server/14.1
version/oracle retail predictive application server/15.0
version/oracle retail predictive application server/16.0
canonical/oracle service architecture leveraging tuxedo
version/oracle service architecture leveraging tuxedo/12.1.3.0.0
version/oracle service architecture leveraging tuxedo/12.2.2.0.0
canonical/oracle tape library acsls
version/oracle tape library acsls/8.4
canonical/oracle utilities network management system
version/oracle utilities network management system/1.12.0.3
canonical/oracle weblogic server
version/oracle weblogic server/10.3.6.0.0
version/oracle weblogic server/12.1.3.0.0
version/oracle weblogic server/12.2.1.3.0
vendor/ibm
canonical/ibm gde
version/ibm gde/3.0.0.2

CVE-2018-1257

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact