CVE-2018-1199

Description

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allow secured Spring MVC static resource URLs to be bypassed.
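
Added example (not part of the original advisory and not Spring's code): a log check for the request shape described above, flagging request paths that carry a path parameter (";"), whether written raw or hidden behind percent-encoding. The log lines, the function names and the three-round decoding limit are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format), not taken from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2018:10:00:01 +0000] "GET /resources/app.css HTTP/1.1" 200 512
203.0.113.5 - - [10/Feb/2018:10:00:02 +0000] "GET /resources/app.css;v=1 HTTP/1.1" 200 512
203.0.113.9 - - [10/Feb/2018:10:00:03 +0000] "GET /resources/%3Bv=1/app.css HTTP/1.1" 200 512
203.0.113.9 - - [10/Feb/2018:10:00:04 +0000] "GET /search?q=a;b HTTP/1.1" 200 90
203.0.113.7 - - [10/Feb/2018:10:00:05 +0000] "GET /resources/%253Bv/app.css HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded characters are revealed."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def classify(target):
    """Return 'raw', 'encoded' or None for one request target."""
    path = target.split("?", 1)[0]  # a ';' in the query string is not a path parameter
    if ";" in path:
        return "raw"
    if ";" in fully_decode(path):
        return "encoded"
    return None

def scan(log_text):
    """Return (line_number, kind, target) for each request carrying a path parameter."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        kind = classify(match.group("target"))
        if kind:
            findings.append((number, kind, match.group("target")))
    return findings

if __name__ == "__main__":
    for number, kind, target in scan(SAMPLE_LOG):
        print(f"line {number}: {kind} path parameter in {target}")
```

Hits on static-resource paths are the ones to review first, since the description ties this issue to secured Spring MVC static resource URLs.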

Risk Information

Base Score: 5.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 1.511

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2018-1199 are fixed in Spring-security-core 4.1.5 | Windows
Vulnerabilities CVE-2018-1199 are fixed in Spring-security-core 4.2.4 | Windows
Vulnerabilities CVE-2018-1199 are fixed in Spring-security-core 5.0.1 | Windows
Vulnerabilities CVE-2018-1199 are fixed in Springframework-core 4.3.14 | Windows
Vulnerabilities CVE-2018-1199 are fixed in Springframework-core 5.0.3 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.2 | Windows
Vulnerabilities CVE-2018-1199 are fixed in Spring-security-core for Linux 4.1.5 | Linux
Vulnerabilities CVE-2018-1199 are fixed in Spring-security-core for Linux 4.2.4 | Linux
Vulnerabilities CVE-2018-1199 are fixed in Spring-security-core for Linux 5.0.1 | Linux
Vulnerabilities CVE-2018-1199 are fixed in Springframework-core for Linux 4.3.14 | Linux
Vulnerabilities CVE-2018-1199 are fixed in Springframework-core for Linux 5.0.3 | Linux
