Description

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

Remediation

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/103697

https://access.redhat.com/errata/RHSA-2018:1320

https://access.redhat.com/errata/RHSA-2018:2669

https://pivotal.io/security/cve-2018-1272

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Related Vulnerabilities

CVE-2021-26117 Vulnerability in maven package org.apache.activemq:artemis-server

CVE-2022-36098 Vulnerability in maven package org.xwiki.platform:xwiki-platform-mentions-ui

CVE-2020-7768 Vulnerability in npm package grpc

CVE-2012-5783 Vulnerability in maven package commons-httpclient:commons-httpclient

CVE-2015-8862 Vulnerability in maven package org.webjars.npm:mustache

Severity

High

Classification

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Patch Third Party Advisory VDB Entry Vendor Advisory NVD-CWE-noinfo