CVE-2018-1199

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1199

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1199.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1199

Aliases

GHSA-v596-fwhq-8x48

Related

UBUNTU-CVE-2018-1199

Published

2018-03-16T20:29:00Z

Modified

2024-09-18T02:55:30.063863Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.

References

Affected packages

Debian:11 / libspring-java

Package

Name: libspring-java
Purl: pkg:deb/debian/libspring-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libspring-java

Package

Name: libspring-java
Purl: pkg:deb/debian/libspring-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libspring-java

Package

Name: libspring-java
Purl: pkg:deb/debian/libspring-java?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.14-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/spring-projects/spring-security

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-security
Events: Introduced

62e7762e8f3f2f810b01f2c23f211de627331aa8

Fixed

ce8bea69ae7fc83cfd0902a8b3fee2dbe0036ab7

Affected versions

5.*

5.0.0.RELEASE

5.0.1.RELEASE

5.0.2.RELEASE