What is CVE-2018-11039?

CVE-2018-11039 is a vulnerability in Pivotal Spring Framework. Published 2018-06-25.

Is CVE-2018-11039 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Pivotal Spring Framework

CVE-2018-11039

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter…

EPSS: 0.026 (85.9th percentile) — read the EPSS interpretation.

Affected products

Pivotal Spring Framework — versions 4.3.x, 5.0.x

Public proof-of-concept exploits

References

107984 (vdb-entry, x_refsource_BID)
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (x_refsource_CONFIRM)
www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (x_refsource_CONFIRM)
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (x_refsource_MISC)
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (x_refsource_MISC)
www.oracle.com/security-alerts/cpujan2020.html (x_refsource_MISC)
pivotal.io/security/cve-2018-11039 (x_refsource_CONFIRM)
[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update (mailing-list, x_refsource_MLIST)
www.oracle.com/security-alerts/cpuoct2021.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-11039?: CVE-2018-11039 is a vulnerability in Pivotal Spring Framework. Published 2018-06-25.
Is CVE-2018-11039 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.