CVE-2018-11040
- Source
- https://cve.org/CVERecord?id=CVE-2018-11040
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11040.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-11040
- Aliases
- Downstream
- Published
- 2018-06-25T15:29:00.363Z
- Modified
- 2026-05-28T04:04:20.681459714Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
- Database specific
{ "unresolved_ranges": [ { "vendor_product": "oracle:communications_network_integrity", "cpes": [ "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "7.3.2" }, { "last_affected": "7.3.6" } ], "source": "CPE_RANGE" }, { "vendor_product": "oracle:communications_services_gatekeeper", "cpes": [ "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "fixed": "6.1.0.4.0" } ], "source": "CPE_RANGE" }, { "vendor_product": "oracle:insurance_calculation_engine", "cpes": [ "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "11.0.0" }, { "last_affected": "11.3.1" } ], "source": "CPE_RANGE" }, { "vendor_product": "oracle:mysql_enterprise_monitor", "cpes": [ "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "3.4.9.4237" }, { "introduced": "3.4.10" }, { "last_affected": "4.0.6.5281" }, { "introduced": "4.0.7" }, { "last_affected": "8.0.2.8191" } ], "source": "CPE_RANGE" }, { "vendor_product": "debian:debian_linux", "cpes": [ "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "9.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:agile_product_lifecycle_management", "cpes": [ "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "9.3.3" }, { "last_affected": "9.3.4" }, { "last_affected": "9.3.5" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:application_testing_suite", "cpes": [ "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "12.5.0.3" }, { "last_affected": "13.1.0.1" }, { "last_affected": "13.2.0.1" }, { "last_affected": "13.3.0.1" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:communications_online_mediation_controller", "cpes": [ "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "6.1" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:communications_unified_inventory_management", "cpes": [ "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "7.3.2" }, { "last_affected": "7.3.4" }, { "last_affected": "7.3.5" }, { "last_affected": "7.4.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:endeca_information_discovery_integrator", "cpes": [ "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "3.1.0" }, { "last_affected": "3.2.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:enterprise_manager", "cpes": [ "cpe:2.3:a:oracle:enterprise_manager:13.2:*:*:*:*:mysql:*:*" ], "extracted_events": [ { "last_affected": "13.2" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:enterprise_manager_ops_center", "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "12.3.3" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:flexcube_private_banking", "cpes": [ "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "2.0.0.0" }, { "last_affected": "2.2.0.1" }, { "last_affected": "12.0.1.0" }, { "last_affected": "12.0.3.0" }, { "last_affected": "12.1.0.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:healthcare_master_person_index", "cpes": [ "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "3.0" }, { "last_affected": "4.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:hospitality_guest_access", "cpes": [ "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "4.2.0" }, { "last_affected": "4.2.1" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:insurance_rules_palette", "cpes": [ "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "10.0" }, { "last_affected": "10.2" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:micros_lucas", "cpes": [ "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "2.9.5" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:product_lifecycle_management", "cpes": [ "cpe:2.3:a:oracle:product_lifecycle_management:9.3.6:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "9.3.6" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:retail_advanced_inventory_planning", "cpes": [ "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "15.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:retail_clearance_optimization_engine", "cpes": [ "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "14.0.5" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:retail_customer_insights", "cpes": [ "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "16.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:retail_markdown_optimization", "cpes": [ "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "13.4.4" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:retail_predictive_application_server", "cpes": [ "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "14.0.3.26" }, { "last_affected": "14.1.3.37" }, { "last_affected": "15.0.3.100" }, { "last_affected": "16.0" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:retail_service_backbone", "cpes": [ "cpe:2.3:a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "16.0.1" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:retail_xstore_point_of_service", "cpes": [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "7.1" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:utilities_network_management_system", "cpes": [ "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "1.12.0.3" } ], "source": "CPE_STRING" }, { "vendor_product": "oracle:weblogic_server", "cpes": [ "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "12.2.1.3.0" } ], "source": "CPE_STRING" } ] }- References
-
- https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
- https://pivotal.io/security/cve-2018-11040
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Affected packages
Git / github.com/spring-projects/spring-framework
Affected ranges
- Type
- GIT
- Repo
- https://github.com/spring-projects/spring-framework
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "fixed": "4.3.18" }, { "introduced": "5.0.0" }, { "fixed": "5.0.7" } ], "cpe": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "source": "CPE_RANGE" }