Path Traversal in Spring By Pivotal Framework
CVE-2018-1271
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served fr…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.910 (99.7th percentile)
Affected products
- Spring By Pivotal Framework — versions prior to 5.0.5 and 4.3.15
References
- 103699 (vdb-entry, x_refsource_BID)
- RHSA-2018:2669 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2018:2939 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2018:1320 (x_refsource_REDHAT, vendor-advisory)
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (x_refsource_CONFIRM)
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (x_refsource_CONFIRM)
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (x_refsource_MISC)
- pivotal.io/security/cve-2018-1271 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2018-1271?
- CVE-2018-1271 is a vulnerability in Spring By Pivotal Framework, classified under Path Traversal. Published 2018-04-06.
- Is CVE-2018-1271 known to be exploited?
- 28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.