{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T07:23:56.763","vulnerabilities":[{"cve":{"id":"CVE-2018-1199","sourceIdentifier":"security_alert@emc.com","published":"2018-03-16T20:29:00.430","lastModified":"2024-11-21T03:59:22.800","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed."},{"lang":"es","value":"Spring Security (Spring Security en versiones 4.1.x anteriores a la 4.1.5, versiones 4.2.x anteriores a la 4.2.4 y versiones 5.0.x anteriores a la 5.0.1; y Spring Framework en versiones 4.3.x anteriores a la 4.3.14 y versiones 5.0.x anteriores a la 5.0.3) no tiene en cuenta los parámetros de ruta de URL al procesar limitaciones de seguridad. Al añadir un parámetro de ruta URL con codificaciones especiales, un atacante podría ser capaz de omitir una limitación de seguridad. La causa raíz de este problema es la falta de claridad con respecto a la gestión de los parámetros de ruta en Servlet Specification. Algunos contenedores de Servlet incluyen parámetros de ruta en el valor devuelto a getPathInfo(), pero otros no. Spring Security emplea el valor devuelto por getPathInfo() como parte del proceso de mapeo de peticiones a limitaciones de seguridad. En este ataque en concreto, las diferentes codificaciones de caracteres empleadas en los parámetros de ruta permiten la omisión de URL de recursos estáticos seguros de Spring MVC."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.14","matchCriteriaId":"47399570-353A-40AC-B3C7-2E78232261DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.3","matchCriteriaId":"F3AA57D0-0A3A-4B0C-B208-A5F272F722A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.1.5","matchCriteriaId":"349CCF1E-320D-4411-98E4-B5B001376782"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.4","matchCriteriaId":"DE8984CF-8B79-4267-B984-66817478638A"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.1","matchCriteriaId":"B583A62A-EF04-4664-B8F5-57A02D833F75"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*","matchCriteriaId":"077732DB-F5F3-4E9C-9AC0-8142AB85B32F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*","matchCriteriaId":"19A0F1AF-F2E6-44E7-8E2D-190E103B72D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*","matchCriteriaId":"6D53690D-3390-4A27-988A-709CD89DD05B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","matchCriteriaId":"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2018:2405","source":"security_alert@emc.com","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E","source":"security_alert@emc.com"},{"url":"https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E","source":"security_alert@emc.com"},{"url":"https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E","source":"security_alert@emc.com"},{"url":"https://pivotal.io/security/cve-2018-1199","source":"security_alert@emc.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"security_alert@emc.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2405","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://pivotal.io/security/cve-2018-1199","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}