Description

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Remediation

References

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/107984

https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

https://pivotal.io/security/cve-2018-11039

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Related Vulnerabilities

CVE-2022-29078 Vulnerability in maven package org.webjars.npm:ejs

CVE-2023-26486 Vulnerability in npm package vega-functions

CVE-2022-42003 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2020-6836 Vulnerability in npm package hot-formula-parser

CVE-2020-13946 Vulnerability in maven package org.apache.cassandra:cassandra-all

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Third Party Advisory Broken Link VDB Entry Mailing List Mitigation Vendor Advisory NVD-CWE-noinfo