Vulnerable Libraries - spring-security-web-4.2.3.RELEASE.jar, spring-core-4.1.9.RELEASE.jar, spring-core-3.0.5.RELEASE.jar, spring-core-4.3.7.RELEASE.jar, spring-core-5.0.0.RELEASE.jar, spring-core-3.2.9.RELEASE.jar, spring-security-config-4.2.3.RELEASE.jar, spring-core-4.0.9.RELEASE.jar, spring-core-4.2.7.RELEASE.jar, spring-core-4.0.3.RELEASE.jar, spring-core-3.2.8.RELEASE.jar, spring-core-3.1.0.RELEASE.jar, spring-core-4.2.4.RELEASE.jar, spring-core-4.3.13.RELEASE.jar, spring-core-4.3.11.RELEASE.jar, spring-core-4.1.6.RELEASE.jar, spring-core-4.2.5.RELEASE.jar
spring-security-web-4.2.3.RELEASE.jar
spring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-web/4.2.3.RELEASE/7a03e737484ca232d7146852f06d067ac21427ac/spring-security-web-4.2.3.RELEASE.jar
Dependency Hierarchy:
- spring-boot-starter-security-1.5.9.RELEASE.jar (Root Library)
- ❌ spring-security-web-4.2.3.RELEASE.jar (Vulnerable Library)
spring-core-4.1.9.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/couchbase-2.0/couchbase-2.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.1.9.RELEASE/85a6d6031c4193d873144496e865b649a874cc47/spring-core-4.1.9.RELEASE.jar
Dependency Hierarchy:
- spring-data-couchbase-2.0.0.RELEASE.jar (Root Library)
- spring-context-4.1.9.RELEASE.jar
- ❌ spring-core-4.1.9.RELEASE.jar (Vulnerable Library)
spring-core-3.0.5.RELEASE.jar
Spring Framework Parent
Path to dependency file: /dd-java-agent/instrumentation/rabbitmq-amqp-2.7/rabbitmq-amqp-2.7.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/3.0.5.RELEASE/1633e94943d57746ef76910489f1cd71fe667e04/spring-core-3.0.5.RELEASE.jar
Dependency Hierarchy:
- spring-rabbit-1.1.0.RELEASE.jar (Root Library)
- spring-amqp-1.1.0.RELEASE.jar
- ❌ spring-core-3.0.5.RELEASE.jar (Vulnerable Library)
spring-core-4.3.7.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/http-url-connection/http-url-connection.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.3.7.RELEASE/54fa2db94cc7222edc90ec71354e47cd1dc07f7b/spring-core-4.3.7.RELEASE.jar
Dependency Hierarchy:
- spring-web-4.3.7.RELEASE.jar (Root Library)
- ❌ spring-core-4.3.7.RELEASE.jar (Vulnerable Library)
spring-core-5.0.0.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/spring-rabbit/spring-rabbit.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.0.0.RELEASE/3a9bb910e8943b5ef59b193a1621daba46456ca9/spring-core-5.0.0.RELEASE.jar
Dependency Hierarchy:
- spring-rabbit-2.0.0.RELEASE.jar (Root Library)
- spring-web-5.0.0.RELEASE.jar
- ❌ spring-core-5.0.0.RELEASE.jar (Vulnerable Library)
spring-core-3.2.9.RELEASE.jar
Spring Core
Library home page: https://github.com/SpringSource/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/spring-data-1.8/spring-data-1.8.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/3.2.9.RELEASE/23566c793f7db5859dbceb98cd1a5789b489e0b5/spring-core-3.2.9.RELEASE.jar
Dependency Hierarchy:
- spring-data-commons-1.8.0.RELEASE.jar (Root Library)
- ❌ spring-core-3.2.9.RELEASE.jar (Vulnerable Library)
spring-security-config-4.2.3.RELEASE.jar
spring-security-config
Library home page: http://spring.io/spring-security
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework.security/spring-security-config/4.2.3.RELEASE/9f3771903616e33521836fd999d63efbfebf90d/spring-security-config-4.2.3.RELEASE.jar
Dependency Hierarchy:
- spring-boot-starter-security-1.5.9.RELEASE.jar (Root Library)
- ❌ spring-security-config-4.2.3.RELEASE.jar (Vulnerable Library)
spring-core-4.0.9.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/spring-data-1.8/spring-data-1.8.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.0.9.RELEASE/a7aea1dd2c5cde050d2d62833ec397d899a00854/spring-core-4.0.9.RELEASE.jar
Dependency Hierarchy:
- spring-data-jpa-1.8.0.RELEASE.jar (Root Library)
- ❌ spring-core-4.0.9.RELEASE.jar (Vulnerable Library)
spring-core-4.2.7.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.2.7.RELEASE/3d08f6f68e0654bf4be50559aec4218334189583/spring-core-4.2.7.RELEASE.jar
Dependency Hierarchy:
- play-java-ws_2.11-2.5.19.jar (Root Library)
- play-java_2.11-2.5.19.jar
- ❌ spring-core-4.2.7.RELEASE.jar (Vulnerable Library)
spring-core-4.0.3.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/play-2.3/play-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.0.3.RELEASE/138d28200d97f4affe9ccaa47fab54718b438319/spring-core-4.0.3.RELEASE.jar
Dependency Hierarchy:
- play-java_2.11-2.3.9.jar (Root Library)
- ❌ spring-core-4.0.3.RELEASE.jar (Vulnerable Library)
spring-core-3.2.8.RELEASE.jar
Spring Core
Library home page: https://github.com/SpringSource/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/hibernate/core-4.3/core-4.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/3.2.8.RELEASE/64b9b731decc74403eb85163278659d91c300584/spring-core-3.2.8.RELEASE.jar
Dependency Hierarchy:
- spring-data-jpa-1.5.1.RELEASE.jar (Root Library)
- ❌ spring-core-3.2.8.RELEASE.jar (Vulnerable Library)
spring-core-3.1.0.RELEASE.jar
Spring Framework Parent
Path to dependency file: /dd-java-agent/instrumentation/spring-jms-3.1/spring-jms-3.1.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/3.1.0.RELEASE/3a18c725dd321e457cfb48547d40c2862216bb3b/spring-core-3.1.0.RELEASE.jar
Dependency Hierarchy:
- spring-jms-3.1.0.RELEASE.jar (Root Library)
- ❌ spring-core-3.1.0.RELEASE.jar (Vulnerable Library)
spring-core-4.2.4.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.2.4.RELEASE/160ccd89230753d4f49477a967f5876b034d9745/spring-core-4.2.4.RELEASE.jar
Dependency Hierarchy:
- play-java_2.11-2.5.0.jar (Root Library)
- ❌ spring-core-4.2.4.RELEASE.jar (Vulnerable Library)
spring-core-4.3.13.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.3.13.RELEASE/eea18d7f4d01f1baa1b6728b678b5a6fe23c61f6/spring-core-4.3.13.RELEASE.jar
Dependency Hierarchy:
- spring-boot-starter-security-1.5.9.RELEASE.jar (Root Library)
- spring-security-config-4.2.3.RELEASE.jar
- ❌ spring-core-4.3.13.RELEASE.jar (Vulnerable Library)
spring-core-4.3.11.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/benchmark-integration/play-perftest/play-perftest.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.3.11.RELEASE/eb30ed093f628279d3aead068fd478fa343f1dad/spring-core-4.3.11.RELEASE.jar
Dependency Hierarchy:
- play-java-forms_2.12-2.6.20.jar (Root Library)
- ❌ spring-core-4.3.11.RELEASE.jar (Vulnerable Library)
spring-core-4.1.6.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.1.6.RELEASE/e2f486124d5dea2d91a9c2ea7d4456bc343ca2cc/spring-core-4.1.6.RELEASE.jar
Dependency Hierarchy:
- play-java-ws_2.11-2.4.11.jar (Root Library)
- play-java_2.11-2.4.11.jar
- ❌ spring-core-4.1.6.RELEASE.jar (Vulnerable Library)
spring-core-4.2.5.RELEASE.jar
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/4.2.5.RELEASE/251207b29f0f38f61e3495a2f7fb053cf1bfe8c/spring-core-4.2.5.RELEASE.jar
Dependency Hierarchy:
- spring-data-elasticsearch-2.0.0.RELEASE.jar (Root Library)
- spring-tx-4.2.5.RELEASE.jar
- ❌ spring-core-4.2.5.RELEASE.jar (Vulnerable Library)
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199
Release Date: 2018-01-29
Fix Resolution (org.springframework.security:spring-security-web): 4.2.4.RELEASE
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 1.5.10.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework.data:spring-data-couchbase): 2.2.10.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.13.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 4.3.14.RELEASE
Fix Resolution (org.springframework:spring-core): 5.0.3.RELEASE
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework.data:spring-data-commons): 1.13.10.RELEASE
Fix Resolution (org.springframework.security:spring-security-config): 4.2.4.RELEASE
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 1.5.10.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework.data:spring-data-jpa): 1.11.10.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (com.typesafe.play:play-java_2.11): 2.3.10
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework.data:spring-data-jpa): 1.11.10.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework:spring-jms): 4.3.14.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (com.typesafe.play:play-java_2.11): 2.6.0
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 1.5.10.RELEASE
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (com.typesafe.play:play-java-forms_2.12): 2.6.21
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework.data:spring-data-elasticsearch): 2.1.10.RELEASE
CVE-2018-1199 - Medium Severity Vulnerability
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allow secured Spring MVC static resource URLs to be bypassed.
Publish Date: 2018-03-16
URL: CVE-2018-1199
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
⛑️ Automatic Remediation is available for this issue