CVE-2018-1259 - OpenCVE

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Xmlbeam	Xmlbeam
Pivotal Software	Spring Data Rest Spring Data Commons

Configuration 1 [-]

OR	cpe:2.3:a:pivotal_software:spring_data_commons::::::::
	cpe:2.3:a:pivotal_software:spring_data_commons::::::::

Configuration 2 [-]

OR	cpe:2.3:a:pivotal_software:spring_data_rest::::::::
	cpe:2.3:a:pivotal_software:spring_data_rest::::::::

Configuration 3 [-]

cpe:2.3:a:xmlbeam:xmlbeam:*:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2018:1809	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3768	Third Party Advisory
https://pivotal.io/security/cve-2018-1259	Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2018-05-09T00:00:00

Updated: 2022-07-22T17:57:52

Reserved: 2017-12-06T00:00:00

Link: CVE-2018-1259

JSON object: View

NVD Information

Status : Modified

Published: 2018-05-11T20:29:00.307

Modified: 2022-07-25T18:15:14.550

Link: CVE-2018-1259

JSON object: View

Redhat Information

No data.

CWE

CWE-611

{"containers": {"cna": {"affected": [{"product": "Spring Data Commons", "vendor": "Pivotal", "versions": [{"status": "affected", "version": "1.13 prior to 1.13.12; 2.0 prior to 2.0.7"}]}], "datePublic": "2018-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system."}], "problemTypes": [{"descriptions": [{"description": "XML Parsing", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-22T17:57:52", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "RHSA-2018:1809", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1809"}, {"name": "RHSA-2018:3768", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2018-1259"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2018-05-09T00:00:00", "ID": "CVE-2018-1259", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Spring Data Commons", "version": {"version_data": [{"version_value": "1.13 prior to 1.13.12; 2.0 prior to 2.0.7"}]}}]}, "vendor_name": "Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XML Parsing"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:1809", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1809"}, {"name": "RHSA-2018:3768", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"name": "https://pivotal.io/security/cve-2018-1259", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2018-1259"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-1259", "datePublished": "2018-05-09T00:00:00", "dateReserved": "2017-12-06T00:00:00", "dateUpdated": "2022-07-22T17:57:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*", "matchCriteriaId": "68E7F274-5CF6-482F-9B52-9C7E40C7C133", "versionEndIncluding": "1.13.11", "versionStartIncluding": "1.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*", "matchCriteriaId": "055E8CDE-2FDC-46E1-91B6-02BB5BB5DDE7", "versionEndIncluding": "2.0.6", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5433DB0-B5D8-48D1-901E-7935B3D9EC37", "versionEndIncluding": "2.6.11", "versionStartExcluding": "2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:spring_data_rest:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAF1612F-D7FE-480E-8C28-2D97413787F9", "versionEndIncluding": "3.0.6", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlbeam:xmlbeam:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A5EE557-849E-4677-B7B4-4A1BDB6EA0F0", "versionEndIncluding": "1.4.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system."}, {"lang": "es", "value": "Spring Data Commons, en versiones 1.13 anteriores a la 1.13.12 y versiones 2.0 anteriores a la 2.0.7, empleado junto con XMLBeam, en versiones 1.4.14 o anteriores, contiene una vulnerabilidad de enlazador de propiedades provocada por la restricci\u00f3n incorrecta de referencias de entidades externas XML, ya que la biblioteca subyacente XMLBeam no restringe la expansi\u00f3n de referencias externas. Un usuario remoto malicioso no autenticado puede proporcionar par\u00e1metros de petici\u00f3n especialmente manipulados al enlace de la carga \u00fatil de petici\u00f3n basada en proyecci\u00f3n de Spring Data para acceder a archivos arbitrarios en el sistema."}], "id": "CVE-2018-1259", "lastModified": "2022-07-25T18:15:14.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-11T20:29:00.307", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1809"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2018-1259"}, {"source": "security_alert@emc.com", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}