Can the new vulnerabilities in the Spring framework (CVE-2018-1270, 1271, 1272) be discovered by Qualys scans?
We recently released the following QIDs: QID 370877: Pivotal Spring Framework STOMP Messaging Remote Code Execution Vulnerability - CVE-2018-1270 - Windows & Unix authentication
We are still evaluating detections for the following:
Spring Framework Directory Traversal Vulnerability - CVE-2018-1271
Spring Framework Multi-part Content Pollution Privilege Escalation Vulnerability - CVE-2018-1272
I will update this thread once they are out.
Didier, I don't currently see the CVE references in the Qualys KB. I do see CVE-2017-8046, which was posted in "New QID for RCE in Pivotal Spring Data REST package".
Not the same, but are you seeing this one being detected?
dderck: Have you contacted Support (Technical Assistance Inquiry Form | Qualys, Inc) to open a case to have this investigated and addressed?