Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:CTS-CVE-2018-1273-RCE |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Pivotal Spring Framework isWritableProperty SpEL Injection |
Release Date |
2018/09/27 |
Update Number |
3103 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Pivotal Spring Framework isWritableProperty SpEL Injection
This signature detects attempts to exploit a known vulnerability against Pivotal Spring Framework.Successful exploitation results in arbitrary code execution under the security context of the target application.
Extended Description
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
Affected Products
- Apache ignite 1.0.0
- Apache ignite 1.0.1
- Apache ignite 1.0.2
- Apache ignite 1.1.0
- Apache ignite 1.1.3
- Apache ignite 1.1.4
- Apache ignite 1.2.0
- Apache ignite 1.3.0
- Apache ignite 1.3.1
- Apache ignite 1.3.2
- Apache ignite 1.3.3
- Apache ignite 1.4.0
- Apache ignite 1.4.1
- Apache ignite 1.5.0
- Apache ignite 1.6.0
- Apache ignite 1.6.4
- Apache ignite 1.7.0
- Apache ignite 1.7.10
- Apache ignite 1.8.0
- Apache ignite 1.9.0
- Apache ignite 2.0.0
- Apache ignite 2.1.0
- Apache ignite 2.2.0
- Apache ignite 2.3.0
- Apache ignite 2.4.0
- Apache ignite 2.5.0
- Pivotal_software spring_data_commons 1.12.10
- Pivotal_software spring_data_commons 1.13.0
- Pivotal_software spring_data_commons 1.13.1
- Pivotal_software spring_data_commons 1.13.10
- Pivotal_software spring_data_commons 1.13.2
- Pivotal_software spring_data_commons 1.13.3
- Pivotal_software spring_data_commons 1.13.4
- Pivotal_software spring_data_commons 1.13.5
- Pivotal_software spring_data_commons 1.13.6
- Pivotal_software spring_data_commons 1.13.7
- Pivotal_software spring_data_commons 1.13.8
- Pivotal_software spring_data_commons 1.13.9
- Pivotal_software spring_data_commons 2.0.0
- Pivotal_software spring_data_commons 2.0.1
- Pivotal_software spring_data_commons 2.0.2
- Pivotal_software spring_data_commons 2.0.3
- Pivotal_software spring_data_commons 2.0.4
- Pivotal_software spring_data_commons 2.0.5
- Pivotal_software spring_data_rest 2.5.10
- Pivotal_software spring_data_rest 2.6
- Pivotal_software spring_data_rest 2.6.0
- Pivotal_software spring_data_rest 2.6.1
- Pivotal_software spring_data_rest 2.6.10
- Pivotal_software spring_data_rest 2.6.2
- Pivotal_software spring_data_rest 2.6.3
- Pivotal_software spring_data_rest 2.6.4
- Pivotal_software spring_data_rest 2.6.5
- Pivotal_software spring_data_rest 2.6.6
- Pivotal_software spring_data_rest 2.6.7
- Pivotal_software spring_data_rest 2.6.8
- Pivotal_software spring_data_rest 2.6.9
- Pivotal_software spring_data_rest 3.0.0
- Pivotal_software spring_data_rest 3.0.1
- Pivotal_software spring_data_rest 3.0.2
- Pivotal_software spring_data_rest 3.0.3
- Pivotal_software spring_data_rest 3.0.4
- Pivotal_software spring_data_rest 3.0.5
References
- CVE: CVE-2018-1273