{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T23:51:31.042","vulnerabilities":[{"cve":{"id":"CVE-2018-11039","sourceIdentifier":"security_alert@emc.com","published":"2018-06-25T15:29:00.317","lastModified":"2024-11-21T03:42:32.633","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."},{"lang":"es","value":"Spring Framework (versiones 5.0.x anteriores a la 5.0.7, versiones 4.3.x anteriores a la 4.3.18 y versiones anteriores sin soporte) permite que las aplicaciones web cambien el método de petición HTTP a cualquier método HTTP (incluyendo TRACE) utilizando HiddenHttpMethodFilter en Spring MVC. Si una aplicación tiene una vulnerabilidad Cross-Site Scripting (XSS) preexistente, un usuario (o atacante) malicioso puede emplear este filtro para escalar a un ataque XST (Cross Site Tracing)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionEndExcluding":"4.3.18","matchCriteriaId":"9D3891F0-7BAE-45DD-992E-57DACE8ADEFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.7","matchCriteriaId":"8331CA8D-B3F4-4999-8E1C-E2AA9C834CAD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*","matchCriteriaId":"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*","matchCriteriaId":"CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*","matchCriteriaId":"ED43772F-D280-42F6-A292-7198284D6FE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*","matchCriteriaId":"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"17EA8B91-7634-4636-B647-1049BA7CA088"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5B4DF46F-DBCC-41F2-A260-F83A14838F23"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"10F17843-32EA-4C31-B65C-F424447BEF7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A125E817-F974-4509-872C-B71933F42AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","versionEndExcluding":"8.3","matchCriteriaId":"CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.2","versionEndIncluding":"7.3.6","matchCriteriaId":"ABD748C9-24F6-4739-9772-208B98616EE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*","matchCriteriaId":"15817206-C2AD-47B7-B40F-85BB36DB4E78"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"468931C8-C76A-4E47-BF00-185D85F719C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.0.4.0","matchCriteriaId":"97C1FA4C-5163-420C-A01A-EA36F1039BBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*","matchCriteriaId":"1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*","matchCriteriaId":"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*","matchCriteriaId":"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"539DA24F-E3E0-4455-84C6-A9D96CD601B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"8B65CD29-C729-42AC-925E-014BA19581E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7E856B4A-6AE7-4317-921A-35B4D2048652"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*","matchCriteriaId":"98F3E643-4B65-4668-BB11-C61ED54D5A53"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CDCE0E90-495E-4437-8529-3C36441FB69D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*","matchCriteriaId":"51C25F23-6800-48A2-881C-C2A2C3FA045C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","matchCriteriaId":"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*","matchCriteriaId":"9027528A-4FE7-4E3C-B2DF-CCCED22128F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*","matchCriteriaId":"2A699D02-296B-411E-9658-5893240605D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*","matchCriteriaId":"7036576C-2B1F-413D-B154-2DBF9BFDE7E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1A3DC116-2844-47A1-BEC2-D0675DD97148"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndIncluding":"11.3.1","matchCriteriaId":"E08D4207-DB46-42D6-A8C9-1BE857483B88"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*","matchCriteriaId":"641D134E-6C51-4DB8-8554-F6B5222EF479"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*","matchCriteriaId":"DB6321F8-7A0A-4DB8-9889-3527023C652A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*","matchCriteriaId":"02867DC7-E669-43C0-ACC4-E1CAA8B9994C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*","matchCriteriaId":"98EE20FD-3D21-4E23-95B8-7BD13816EB95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.9.4237","matchCriteriaId":"8A94B32D-6B5F-4E42-8345-4F9126A89435"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.6.5281","matchCriteriaId":"EF71D94F-EFC5-4390-A380-AC0E5DB05516"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.2.8191","matchCriteriaId":"33EFAF19-A639-47AD-9CDC-D174C91F0F00"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*","matchCriteriaId":"0745445C-EC43-4091-BA7C-5105AFCC6F1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*","matchCriteriaId":"517E0654-F1DE-43C4-90B5-FB90CA31734B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*","matchCriteriaId":"921B7906-A20A-4313-9398-D542A4198BBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*","matchCriteriaId":"D09C6958-DD7C-4B43-B7F0-4EE65ED5B582"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*","matchCriteriaId":"1BBFE031-4BD1-4501-AC62-DC0AFC2167B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*","matchCriteriaId":"FE91D517-D85D-4A8D-90DC-4561BBF8670E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*","matchCriteriaId":"AD4AB77A-E829-4603-AF6A-97B9CD0D687F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*","matchCriteriaId":"6DE15D64-6F49-4F43-8079-0C7827384C86"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*","matchCriteriaId":"ACB5604C-69AF-459D-A82D-8A3B78CF2655"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*","matchCriteriaId":"655CF3AE-B649-4282-B727-8B3C5D829C40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*","matchCriteriaId":"53CFE454-3E73-4A88-ABEE-322139B169A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*","matchCriteriaId":"457C8C66-FB0C-4532-9027-8777CF42D17A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*","matchCriteriaId":"FF2B9DA6-2937-4574-90DF-09FD770B23D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*","matchCriteriaId":"20357086-0C32-44B5-A1FA-79283E88FB47"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*","matchCriteriaId":"B05A34B4-A853-456C-BD56-3B3FD6397424"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*","matchCriteriaId":"6A17D989-66AC-4A17-AB4D-E0EC045FB457"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*","matchCriteriaId":"14285308-8564-4858-8D31-E40E57B27390"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3..100:*:*:*:*:*:*:*","matchCriteriaId":"A0BBB59C-D3B4-4CA9-870B-3FB9118F3F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*","matchCriteriaId":"21973CDD-D16E-4321-9F8E-67F4264D7C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","matchCriteriaId":"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"EE188B12-D28E-490C-9948-F5305A7D55BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B40B13B7-68B3-4510-968C-6A730EB46462"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C93CC705-1F8C-4870-99E6-14BF264C3811"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"F14A818F-AA16-4438-A3E4-E64C9287AC66"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/107984","source":"security_alert@emc.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://pivotal.io/security/cve-2018-11039","source":"security_alert@emc.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/107984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://pivotal.io/security/cve-2018-11039","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}