Description

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Remediation

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/107984

https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

https://pivotal.io/security/cve-2018-11039

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Related Vulnerabilities

CVE-2021-32831 Vulnerability in npm package total.js

CVE-2021-23337 Vulnerability in maven package org.webjars.npm:lodash.template

CVE-2021-26920 Vulnerability in maven package org.apache.druid:druid-core

CVE-2015-20110 Vulnerability in npm package generator-jhipster

CVE-2020-12265 Vulnerability in maven package org.webjars.npm:decompress-tar

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Third Party Advisory Broken Link VDB Entry Mailing List Mitigation Vendor Advisory NVD-CWE-noinfo