{"id":1322,"date":"2018-05-10T09:31:49","date_gmt":"2018-05-10T09:31:49","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=1322"},"modified":"2018-05-10T09:31:49","modified_gmt":"2018-05-10T09:31:49","slug":"multiple-vulnerabilities-found-in-spring","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/multiple-vulnerabilities-found-in-spring\/","title":{"rendered":"Multiple Vulnerabilities Found in Spring"},"content":{"rendered":"

Spring released security advisories on May 9 local time for fixing its multiple vulnerabilities, including a critical remote code execution vulnerability.<\/p>\n

Reference link:\u00a0https:\/\/pivotal.io\/security<\/a><\/p>\n

\u00a0Vulnerability Description<\/h3>\n

CVE-2018-1257 (High)<\/span><\/strong><\/h4>\n

Parts of Spring Framework versions allow application programs to use Spring message module to make public STOMP on WebSocket endpoint through simple memory STOMP broker. An attacker could send a specially designed message to the broker to launch denial of service attacks.<\/p>\n

Applications become vulnerable when all of the following requirements are met:<\/p>\n