Description

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Remediation

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/107984

https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

https://pivotal.io/security/cve-2018-11039

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Related Vulnerabilities

CVE-2022-31151 Vulnerability in maven package org.webjars.npm:undici

CVE-2012-0803 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2021-29441 Vulnerability in maven package com.alibaba.nacos:nacos-common

CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-service

CVE-2022-24822 Vulnerability in npm package @podium/layout

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Third Party Advisory Broken Link VDB Entry Mailing List Mitigation Vendor Advisory NVD-CWE-noinfo