What is CVE-2018-1257?

CVE-2018-1257 is a vulnerability in Pivotal Spring Framework. Published 2018-05-11.

Is CVE-2018-1257 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Pivotal Spring Framework

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging…

EPSS: 0.012 (79.1th percentile) — read the EPSS interpretation.

Affected products

Pivotal Spring Framework — versions 5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17

Public proof-of-concept exploits

References

104260 (vdb-entry, x_refsource_BID)
RHSA-2018:1809 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:3768 (x_refsource_REDHAT, vendor-advisory)
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (x_refsource_CONFIRM)
www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (x_refsource_CONFIRM)
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (x_refsource_MISC)
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (x_refsource_MISC)
www.oracle.com/security-alerts/cpujan2020.html (x_refsource_MISC)
pivotal.io/security/cve-2018-1257 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-1257?: CVE-2018-1257 is a vulnerability in Pivotal Spring Framework. Published 2018-05-11.
Is CVE-2018-1257 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.