1
Candidate: CVE-2018-1199
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199
5
https://pivotal.io/security/cve-2018-1199
7
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4,
8
and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x
9
before 5.0.3) does not consider URL path parameters when processing
10
security constraints. By adding a URL path parameter with special
11
encodings, an attacker may be able to bypass a security constraint. The
12
root cause of this issue is a lack of clarity regarding the handling of
13
path parameters in the Servlet Specification. Some Servlet containers
14
include path parameters in the value returned for getPathInfo() and some do
15
not. Spring Security uses the value returned by getPathInfo() as part of
16
the process of mapping requests to security constraints. In this particular
17
attack, different character encodings used in path parameters allows
18
secured Spring MVC static resource URLs to be bypassed.
27
Patches_libspring-java:
28
upstream_libspring-java: needs-triage
29
precise/esm_libspring-java: DNE
30
trusty_libspring-java: needs-triage
31
xenial_libspring-java: needs-triage
32
artful_libspring-java: needs-triage
33
bionic_libspring-java: needs-triage
34
devel_libspring-java: needs-triage