CVE-2018-11040

CVE Database · CVE-2018-11040

CVE-2018-11040

· HIGHModified

CVSS v3.1

7.5

EPSS

3.24%

Published

Jun 25, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-829

Affected Products (51)

vmware · spring_framework (up to 4.3.18)vulnerable

vmware · spring_framework (up to 5.0.7)vulnerable

oracle · agile_product_lifecycle_managementvulnerable

oracle · application_testing_suitevulnerable

· communications_network_integrity

References (18)

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

Mailing ListThird Party Advisory

https://pivotal.io/security/cve-2018-11040

MitigationVendor Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

PatchThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs

oracle · communications_online_mediation_controllervulnerable

oracle · communications_services_gatekeeper (up to 6.1.0.4.0)vulnerable

oracle · communications_unified_inventory_managementvulnerable

oracle · endeca_information_discovery_integratorvulnerable

oracle · enterprise_managervulnerable

oracle · enterprise_manager_ops_centervulnerable

oracle · flexcube_private_bankingvulnerable

oracle · healthcare_master_person_indexvulnerable

oracle · hospitality_guest_accessvulnerable

oracle · insurance_calculation_enginevulnerable

oracle · insurance_rules_palettevulnerable

oracle · micros_lucasvulnerable

oracle · mysql_enterprise_monitorvulnerable

oracle · product_lifecycle_managementvulnerable

oracle · retail_advanced_inventory_planningvulnerable

oracle · retail_clearance_optimization_enginevulnerable

oracle · retail_customer_insightsvulnerable

oracle · retail_markdown_optimizationvulnerable

oracle · retail_predictive_application_servervulnerable

oracle · retail_service_backbonevulnerable

oracle · retail_xstore_point_of_servicevulnerable

oracle · utilities_network_management_systemvulnerable

oracle · weblogic_servervulnerable

PatchThird Party Advisory