Description

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Remediation

References

https://pivotal.io/security/cve-2018-11039

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

http://www.securityfocus.com/bid/107984

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

https://www.oracle.com/security-alerts/cpuoct2021.html

Related Vulnerabilities

CVE-2023-37908 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-xml

CVE-2018-10936 Vulnerability in maven package org.postgresql:postgresql

CVE-2023-34464 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2017-5637 Vulnerability in maven package org.apache.zookeeper:zookeeper

CVE-2022-29631 Vulnerability in maven package org.jodd:jodd-http

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mitigation Vendor Advisory Patch Third Party Advisory Broken Link VDB Entry Mailing List NVD-CWE-noinfo