Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2018-06-25T15:00:00Z

Updated: 2024-09-16T22:08:49.057Z

Reserved: 2018-05-14T00:00:00

Link: CVE-2018-11039

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-25T15:29:00.317

Modified: 2024-11-21T03:42:32.633

Link: CVE-2018-11039

cve-icon Redhat

Severity : Low

Publid Date: 2018-06-14T00:00:00Z

Links: CVE-2018-11039 - Bugzilla