CVE-2018-1257 -- libspring-java
ID: oval:org.secpod.oval:def:2001251 | Date: (C)2019-06-06 (M)2022-06-23 |
Class: VULNERABILITY | Family: unix |
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user can craft a message to the broker that can lead to a regular expression denial of service attack.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
libspring-core-java |