2025-02-28 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/01 Report--
This article explains how to analyze the Spring vulnerabilities CVE-2018-1273, CVE-2018-1274 and CVE-2018-1275. The content is detailed; interested readers can use it for reference, and I hope it will be helpful to you.
0x00 Vulnerability overview
On April 9, 2018, Pivotal Spring officially issued a security announcement about a remote code execution vulnerability in the Spring Framework (CVE-2018-1275), which exists because the fix for an earlier vulnerability (CVE-2018-1270) was incomplete.
On April 10, Spring issued another security announcement covering two vulnerabilities in the Spring Data Commons component: a remote code execution vulnerability (CVE-2018-1273) and a denial of service vulnerability (CVE-2018-1274).
From April 5 to April 10, Spring officials issued a total of six vulnerability security bulletins, including high-risk issues such as remote code execution, directory traversal and denial of service.
After analysis, 360-CERT considers the impact of these vulnerabilities serious and recommends that affected users assess their exposure and upgrade as soon as possible.
0x01 Vulnerability impact
Affected versions
CVE-2018-1273 and CVE-2018-1274
Spring Data Commons 1.13 to 1.13.10 (Ingalls SR10)
Spring Data REST 2.6 to 2.6.10 (Ingalls SR10)
Spring Data Commons 2.0 to 2.0.5 (Kay SR5)
Spring Data REST 3.0 to 3.0.5 (Kay SR5)
Older versions that are no longer supported
CVE-2018-1275
Spring Framework 5.0 to 5.0.4
Spring Framework 4.3 to 4.3.15
Older versions that are no longer supported
Fixed versions
CVE-2018-1273 and CVE-2018-1274
Data Commons component
Upgrade 2.0.x series to 2.0.6
Upgrade 1.13.x series to 1.13.11
Upgrade unsupported older versions to a release that is officially supported
Projects that already ship the fixed version
Spring Data REST 2.6.11 (Ingalls SR11)
Spring Data REST 3.0.6 (Kay SR6)
Spring Boot 1.5.11
Spring Boot 2.0.1
CVE-2018-1275
Upgrade from 5.0.x to 5.0.5
Upgrade from 4.3.x to 4.3.16
Upgrade unsupported older versions to a release that is officially supported
0x02 Vulnerability details
CVE-2018-1273
Spring Data is the project module that provides underlying data access in the Spring ecosystem, and Spring Data Commons is its shared base module. When this module binds special attributes, it evaluates them as SpEL expressions, so an attacker can craft a special URL request that leads to remote code execution on the server side.
In the patch, Spring replaces the fully featured StandardEvaluationContext with the more restrictive SimpleEvaluationContext.
Patch (https://github.com/spring-projects/spring-data-commons/commit/b1a20ae1e82a63f99b3afc6f2aaedb3bf4dc432a)
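To make the difference that the patch relies on visible, the following added example (written for this article; it is not code from Spring Data Commons or from the patch above) evaluates the same untrusted path string against both context types. The `Profile` bean, the `SpelContextDemo` class and the benign `T(java.lang.Math).abs(-1)` expression, used here only as a stand-in for any type reference, are assumptions for illustration. `SimpleEvaluationContext` has been available since Spring Framework 4.3.15 / 5.0.4.

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

/**
 * Added illustration (not Spring Data Commons code): the same untrusted
 * property path is evaluated with the context type used before the patch
 * and with the restricted context type the patch switched to.
 */
public class SpelContextDemo {

    /** Hypothetical bean standing in for the object a request is bound to. */
    public static class Profile {
        private final String name;

        public Profile(String name) {
            this.name = name;
        }

        public String getName() {
            return name;
        }
    }

    private static final SpelExpressionParser PARSER = new SpelExpressionParser();

    /**
     * Pre-patch behaviour: StandardEvaluationContext exposes the full SpEL
     * feature set (type references, constructors, method calls on any type),
     * so a path that is really an expression is executed with that power.
     */
    static Object evaluateWithStandardContext(String untrustedPath, Object root) {
        EvaluationContext ctx = new StandardEvaluationContext(root);
        return PARSER.parseExpression(untrustedPath).getValue(ctx);
    }

    /**
     * Post-patch behaviour: SimpleEvaluationContext in read-only data-binding
     * mode only allows property access on the root object. Type references
     * such as T(...) are refused with a SpelEvaluationException.
     */
    static Object evaluateWithSimpleContext(String untrustedPath, Object root) {
        EvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return PARSER.parseExpression(untrustedPath).getValue(ctx, root);
    }

    public static void main(String[] args) {
        Profile root = new Profile("alice");

        // A legitimate property path binds the same way in both contexts.
        String propertyPath = "name";
        System.out.println("standard, property path: " + evaluateWithStandardContext(propertyPath, root));
        System.out.println("simple,   property path: " + evaluateWithSimpleContext(propertyPath, root));

        // A path that is really an expression with a type reference. The benign
        // Math call stands in for any T(...) reference; the point is that the
        // restricted context does not resolve types at all.
        String typeReference = "T(java.lang.Math).abs(-1)";
        System.out.println("standard, type reference: " + evaluateWithStandardContext(typeReference, root));
        try {
            evaluateWithSimpleContext(typeReference, root);
            System.out.println("simple,   type reference: unexpectedly evaluated");
        } catch (SpelEvaluationException e) {
            System.out.println("simple,   type reference rejected: " + e.getMessageCode());
        }
    }
}
```

Run this against a Spring Framework 4.3.15+/5.0.4+ classpath with `spring-expression` available. The first two lines print `alice` for both contexts; the third prints `1` under StandardEvaluationContext, and the fourth shows the same expression being rejected under SimpleEvaluationContext, which is exactly the property of the restricted context that the patch depends on.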
CVE-2018-1274
When parsing property paths, the Spring Data Commons module does not bound the resources that parsing may consume, so a crafted request can exhaust CPU and memory and cause a denial of service.
Patch (https://github.com/spring-projects/spring-data-commons/commit/371f6590c509c72f8e600f3d05e110941607fbad?diff=unified)
CVE-2018-1275
This vulnerability is a leftover from the fix for the spring-messaging remote code execution vulnerability (CVE-2018-1270), which affected the 5.0.x and 4.3.x lines of the Spring Framework. Because the repair in the 4.3.x line was incomplete, attackers can still achieve remote code execution there.
Related analysis and early warning for CVE-2018-1270: https://cert.360.cn/warning/detail?id=3efa573a1116c8e6eed3b47f78723f12
This concludes the analysis of the Spring vulnerabilities CVE-2018-1273, CVE-2018-1274 and CVE-2018-1275. I hope the content above is helpful and that you learned something from it. If you found the article useful, please share it so more people can see it.