Description

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Remediation

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/107984

https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

https://pivotal.io/security/cve-2018-11039

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Related Vulnerabilities

CVE-2020-1729 Vulnerability in maven package io.smallrye.config:smallrye-config

CVE-2023-22580 Vulnerability in npm package sequelize

CVE-2023-39522 Vulnerability in npm package @goauthentik/api

CVE-2022-40664 Vulnerability in maven package org.apache.shiro:shiro-core

CVE-2021-39236 Vulnerability in maven package org.apache.ozone:ozone-main

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Third Party Advisory Broken Link VDB Entry Mailing List Mitigation Vendor Advisory NVD-CWE-noinfo