Denial of Service Risk in Spring Framework by Pivotal
CVE-2018-1257
6.5 MEDIUM
What is CVE-2018-1257?
The Spring Framework, in versions 5.0.x prior to 5.0.6 and 4.3.x prior to 4.3.17, allows applications to expose STOMP over WebSocket endpoints backed by an in-memory STOMP broker. A malicious actor can send a crafted message to that broker which triggers pathological regular expression evaluation, resulting in a regular expression denial of service (ReDoS).
Affected Version(s)
Spring Framework 5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17
