5.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1196

GHSA ID

GHSA-xx65-cc7g-9pfp

EPSS Score

0.68612%

CWE

CWE-59

Published

10/18/2018

Updated

2/1/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1196

CVE-2018-1196: Moderate severity vulnerability that affects org.springframework.boot:spring-boot

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.

(GitHub Advisory)

5.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1196

GHSA ID

GHSA-xx65-cc7g-9pfp

EPSS Score

0.68612%

CWE

CWE-59

Published

10/18/2018

Updated

2/1/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.springframework.boot:spring-boot	maven	>= 1.5.0, < 1.5.10	1.5.10

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability resides in the shell script's service initialization logic rather than Java code. The embedded launch script's functions handling PID file creation (start) and file permission management (prepare_pid_file) perform unsafe file operations that follow symlinks. These would appear in process execution traces when the service starts/stops. The lack of '--' parameter in touch/chown commands and missing symlink checks in these functions directly enable the symlink attack vector described in CVE-2018-1196.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Sprin* *oot supports *n *m****** l*un** s*ript t**t **n ** us** to **sily run t** *ppli**tion *s * syst*m* or init.* linux s*rvi**. T** s*ript in*lu*** wit* Sprin* *oot *.*.* *n* **rli*r *n* *.*.*.M* t*rou** *.*.*.M* is sus**pti*l* to * symlink *tt**

Reasoning

T** vuln*r**ility r*si**s in t** s**ll s*ript's s*rvi** initi*liz*tion lo*i* r*t**r t**n J*v* *o**. T** *m****** l*un** s*ript's *un*tions **n*lin* PI* *il* *r**tion (st*rt) *n* *il* p*rmission m*n***m*nt (pr*p*r*_pi*_*il*) p*r*orm uns*** *il* op*r*t

5.9

Basic Information

Concerned about an active attack path?

CVE-2018-1196: Moderate severity vulnerability that affects org.springframework.boot:spring-boot

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI