Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. The escalation matters because a TRACE response echoes the request back, including its headers, so values that injected script cannot normally read (such as HttpOnly cookies) can become visible to it.
{
"versions": [
{
"introduced": "0"
},
{
"fixed": "4.3.18"
},
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.7"
},
{
"introduced": "0"
},
{
"last_affected": "6.1"
},
{
"introduced": "0"
},
{
"last_affected": "3.1.0"
},
{
"introduced": "0"
},
{
"last_affected": "3.2.0"
},
{
"introduced": "0"
},
{
"last_affected": "3.0"
},
{
"introduced": "0"
},
{
"last_affected": "3.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.0"
},
{
"introduced": "0"
},
{
"last_affected": "4.2.1"
}
]
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11039.json"
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.5.0.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.1.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.3.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.3"
}
]
},
{
"events": [
{
"introduced": "7.3.2"
},
{
"last_affected": "7.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.2.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.1.0.5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.3.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.3.3"
}
]
},
{
"events": [
{
"introduced": "11.0.0"
},
{
"last_affected": "11.3.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.9.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.4.9.4237"
}
]
},
{
"events": [
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.6.5281"
}
]
},
{
"events": [
{
"introduced": "8.0.0"
},
{
"last_affected": "8.0.2.8191"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.4.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0.3.26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3.37"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0.3..100"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.12.0.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.3.6.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.1.3.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
}
]