CVE-2018-1271
Directory Traversal vulnerability in org.springframework:spring-core
What is CVE-2018-1271 About?
Spring Framework versions 5.0 prior to 5.0.5 and 4.3 prior to 4.3.15 are vulnerable to directory traversal when serving static resources from a Windows file system. An attacker can craft a special URL to access unauthorized files and directories. This vulnerability is moderately easy to exploit, requiring knowledge of the server's file structure and special URL encoding.
Affected Software
- org.springframework:spring-core
  - >5.0.0, <5.0.5
  - <4.3.15
Technical Details
The Directory Traversal vulnerability in Spring Framework exists when applications are configured to serve static resources from a file system on Windows operating systems (as opposed to classpath or ServletContext). A malicious user can exploit this by sending a specially crafted URL that includes directory traversal sequences (e.g., `../`, `..\`, URL-encoded variations) within the static resource path. Due to insufficient sanitization or canonicalization of the provided URL path by the framework on Windows systems, these sequences are incorrectly interpreted, allowing the attacker to escape the intended static resource directory and access arbitrary files and directories outside of the web root.
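The canonicalization step described above can be sketched as a containment check. This is an added example, not Spring's own fix or code from the advisory: the class name, the `resolveInside` helper, the `static-root` directory and the sample request paths are all hypothetical, and it assumes Java 10 or later for `URLDecoder.decode(String, Charset)`.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;

public class StaticPathCheck {

    /** Returns the file to serve, or null if requestPath escapes root or cannot be parsed. */
    static Path resolveInside(Path root, String requestPath) {
        try {
            String p = requestPath;
            // Unwrap up to three layers of percent-encoding (e.g. %255c -> %5c -> \).
            // '+' is protected because URLDecoder would otherwise turn it into a space.
            for (int i = 0; i < 3; i++) {
                p = URLDecoder.decode(p.replace("+", "%2B"), StandardCharsets.UTF_8);
            }
            if (p.indexOf('%') >= 0) return null;   // still encoded after three rounds: refuse
            p = p.replace('\\', '/');               // backslash is a separator on Windows
            // Refuse drive letters, alternate data streams and embedded NUL characters.
            if (p.indexOf(':') >= 0 || p.indexOf('\0') >= 0) return null;
            while (p.startsWith("/")) p = p.substring(1);
            // Resolve against the root, collapse "." and "..", then require containment.
            Path target = root.resolve(p).normalize();
            return target.startsWith(root) ? target : null;
        } catch (IllegalArgumentException e) {
            // Malformed escape sequence or a path the platform rejects (InvalidPathException).
            return null;
        }
    }

    public static void main(String[] args) {
        // Hypothetical static root; the request paths below are constructed samples.
        Path root = Paths.get("static-root").toAbsolutePath().normalize();
        String[] samples = {
            "/css/site.css", "/css/../js/app.js", "/../secret.txt",
            "/..%5c..%5csecret.txt", "/%252e%252e%255csecret.txt", "/c:%5cdata%5cnotes.txt"
        };
        for (String s : samples) {
            Path r = resolveInside(root, s);
            System.out.println((r == null ? "REJECT " : "SERVE  ") + s);
        }
    }
}
```

Normalizing backslashes before resolving matters because `java.nio.file.Path` only treats `\` as a separator on Windows, so the same check behaves identically on a Linux test host and a Windows production server.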
What is the Impact of CVE-2018-1271?
Successful exploitation may allow attackers to read arbitrary files on the server's file system, potentially leading to information disclosure, sensitive data exposure, or further system compromise.
What is the Exploitability of CVE-2018-1271?
Exploitation of this directory traversal vulnerability is of moderate complexity. It requires an unauthenticated remote attacker to craft a specific URL containing traversal sequences. There are no authentication or privilege requirements for exploitation. The attack vector is remote, targeting web applications built with Spring Framework that serve static resources from a Windows file system. The primary prerequisite for exploitation is the specific configuration of static resource serving paths on a Windows environment. Risk factors that increase exploitation likelihood include the public exposure of the vulnerable static resource endpoints and the lack of robust URL path sanitization or canonicalization in the application's configuration.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2018-1271?
Available Upgrade Options
- org.springframework:spring-core
  - <4.3.15 → Upgrade to 4.3.15
- org.springframework:spring-core
  - >5.0.0, <5.0.5 → Upgrade to 5.0.5
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2018-1271
- https://github.com/spring-projects/spring-framework/commit/13356a7ee2240f740737c5c83bdccdacc30603ab
- http://www.securityfocus.com/bid/103699
- https://github.com/advisories/GHSA-g8hw-794c-4j9g
- https://github.com/spring-projects/spring-framework/commit/98ad23bef8e2e04143f8f5b201380543a8d8c0c3
- https://github.com/spring-projects/spring-framework/commit/91b803a2310344d925e5d4b1709bbcea90375548
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://github.com/spring-projects/spring-framework/commit/b9ebdaaf3710db473a2e1fec8641c316483a22aa
What are Similar Vulnerabilities to CVE-2018-1271?
Similar Vulnerabilities: CVE-2020-5410, CVE-2020-5408, CVE-2020-5407, CVE-2021-22960, CVE-2022-22965
