2018-05-11 22:29:00 2020-08-24 19:37:00

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions, allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that leads to a regular expression denial of service (ReDoS) attack.

CVSS v2 base metrics:

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
Affected products (each entry is marked in the source as not an official CPE; a version shown as "*" or "-" in the source is listed here as "version not specified"):

Oracle Weblogic server 12.2.1.3.0
Oracle Weblogic server 10.3.6.0.0
Oracle Weblogic server 12.1.3.0.0
Oracle Tape library acsls 8.4
Oracle Utilities network management system 1.12.0.3
Oracle Service architecture leveraging tuxedo 12.2.2.0.0
Oracle Service architecture leveraging tuxedo 12.1.3.0.0
Oracle Retail predictive application server 15.0
Oracle Retail predictive application server 16.0
Oracle Retail predictive application server 14.1
Oracle Retail predictive application server 14.0
Oracle Retail order broker 16.0
Oracle Retail order broker 15.0
Oracle Retail order broker 5.2
Oracle Retail order broker 5.1
Oracle Retail open commerce platform 6.0.1
Oracle Retail open commerce platform 6.0.0
Oracle Retail customer insights 16.0
Oracle Retail open commerce platform 5.3.0
Oracle Retail customer insights 15.0
Oracle Primavera gateway 17.12
Oracle Primavera gateway 16.2
Oracle Primavera gateway 15.2
Oracle Insurance rules palette 11.1
Oracle Insurance rules palette 11.0
Oracle Insurance rules palette 10.2
Oracle Insurance rules palette 10.1
Oracle Insurance calculation engine 10.2
Oracle Insurance calculation engine 10.2.1
Oracle Insurance rules palette 10.0
Oracle Healthcare master person index 4.0
Oracle Hospitality guest access 4.2.0
Oracle Hospitality guest access 4.2.1
Oracle Insurance calculation engine 10.1.1
Oracle Healthcare master person index 3.0
Oracle Goldengate for big data 12.3.2.1
Oracle Health sciences information manager 3.0
Oracle Flexcube private banking 12.1.0.0
Oracle Goldengate for big data 12.2.0.1
Oracle Goldengate for big data 12.3.1.1
Oracle Flexcube private banking 2.2.0.1
Oracle Flexcube private banking 12.0.1.0
Oracle Flexcube private banking 12.0.3.0
Oracle Flexcube private banking 2.0.0.0
Oracle Enterprise manager base platform 13.3.0.0.0
Oracle Enterprise manager ops center 12.3.3
Oracle Enterprise manager for mysql database 13.2
Oracle Enterprise manager base platform 13.2.0.0.0
Oracle Enterprise manager base platform 12.1.0.5.0
Oracle Endeca information discovery integrator 3.2.0
Oracle Endeca information discovery integrator 3.1.0
Oracle Communications unified inventory management 7.4.0
Oracle Communications unified inventory management 7.3.5
Oracle Communications unified inventory management 7.3.4
Oracle Communications unified inventory management 7.3.2
Oracle Communications services gatekeeper (version not specified)
Oracle Communications diameter signaling router (version not specified)
Oracle Communications performance intelligence center (version not specified)
Oracle Communications converged application server (version not specified)
Oracle Big data discovery 1.6.0
Oracle Application testing suite 13.3.0.1
Oracle Application testing suite 13.2.0.1
Oracle Application testing suite 13.1.0.1
Oracle Application testing suite 12.5.0.3
Oracle Agile product lifecycle management 9.3.6
Oracle Agile product lifecycle management 9.3.4
Oracle Agile product lifecycle management 9.3.5
Oracle Agile product lifecycle management 9.3.3
Redhat Openshift (version not specified)
Pivotal software Spring framework (version not specified)