CVE-2018-11040

{"id": "CVE-2018-11040", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-25T15:29:00.363", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://pivotal.io/security/cve-2018-11040", "tags": ["Mitigation", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://pivotal.io/security/cve-2018-11040", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-829"}]}], "descriptions": [{"lang": "en", "value": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests."}, {"lang": "es", "value": "Spring Framework, en versiones 5.0.x anteriores a la 5.0.7 y versiones 4.3.x anteriores a la 4.3.18 y versiones anteriores sin soporte, permite que las aplicaciones web habiliten peticiones de dominio cruzado mediante JSONP (JSON with Padding) mediante AbstractJsonpResponseBodyAdvice para controladores REST y MappingJackson2JsonView para las peticiones del navegador. Ninguna de las dos est\u00e1 habilitada por defecto en Spring Framework o Spring Boot. Sin embargo, cuando MappingJackson2JsonView est\u00e1 configurado en una aplicaci\u00f3n, el soporte para JSONP est\u00e1 autom\u00e1ticamente listo para ser empleado mediante los par\u00e1metros JSONP \"jsonp\" y \"callback\", lo que habilita peticiones de dominio cruzado."}], "lastModified": "2024-11-21T03:42:32.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D3891F0-7BAE-45DD-992E-57DACE8ADEFE", "versionEndExcluding": "4.3.18"}, {"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8331CA8D-B3F4-4999-8E1C-E2AA9C834CAD", "versionEndExcluding": "5.0.7", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8C893E4-1D3A-4687-BE5A-D26FFEBCCC78"}, {"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18260EE8-9BC0-4BA1-9642-90FE052E8B18"}, {"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0BB81C3-29FD-4AE0-8D46-456FAF135F6C"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABD748C9-24F6-4739-9772-208B98616EE2", "versionEndIncluding": "7.3.6", "versionStartIncluding": "7.3.2"}, {"criteria": "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15817206-C2AD-47B7-B40F-85BB36DB4E78"}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB", "versionEndExcluding": "6.1.0.4.0"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3"}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B65CD29-C729-42AC-925E-014BA19581E2"}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager:13.2:*:*:*:*:mysql:*:*", "vulnerable": true, "matchCriteriaId": "5A4FDBC7-FFB4-446F-85F8-79C9A5393648"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADEA6A93-BD78-47DC-B3C3-6D27239C6647"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5104F0A-CD23-4A6E-AD59-B6F5A949B006"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "350DFE94-C24A-40FE-98F8-246D5B7F9D83"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "499A382A-8183-4080-8D48-0E00D5E44EE6"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81C24CC1-850E-4BB2-9B50-ABE61984451E"}, {"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6"}, {"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88", "versionEndIncluding": "11.3.1", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C"}, {"criteria": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98EE20FD-3D21-4E23-95B8-7BD13816EB95"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A94B32D-6B5F-4E42-8345-4F9126A89435", "versionEndIncluding": "3.4.9.4237"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CBB28B5-032D-404C-B555-128457AA4C4A", "versionEndIncluding": "4.0.6.5281", "versionStartIncluding": "3.4.10"}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A45E70E-A57B-4DDE-A419-C7D8E45DEEEE", "versionEndIncluding": "8.0.2.8191", "versionStartIncluding": "4.0.7"}, {"criteria": "cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6660A17-D819-4930-936D-B9D06834B885"}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B"}, {"criteria": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE91D517-D85D-4A8D-90DC-4561BBF8670E"}, {"criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F"}, {"criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86"}, {"criteria": "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B05A34B4-A853-456C-BD56-3B3FD6397424"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A17D989-66AC-4A17-AB4D-E0EC045FB457"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14285308-8564-4858-8D31-E40E57B27390"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C4C280-B319-411B-8510-9B5319E6D312"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21"}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA3D85CE-DAE9-418A-AA94-779546C0D245"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"}, {"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}