Lucene search

K
cveMitreCVE-2018-1000873
HistoryDec 20, 2018 - 5:29 p.m.

CVE-2018-1000873

2018-12-2017:29:00
CWE-20
mitre
web.nvd.nist.gov
191
cve-2018-1000873
fasterxml jackson
improper input validation
dos
cwe-20
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.005

Percentile

76.8%

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

Affected configurations

Nvd
Node
fasterxmljackson-modules-java8Range<2.9.8
Node
oracleclusterwareMatch12.1.0.2.0
OR
oracledatabase_serverMatch12.1.0.2
OR
oracledatabase_serverMatch12.2.0.1
OR
oracledatabase_serverMatch18c
OR
oracledatabase_serverMatch19c
OR
oracleglobal_lifecycle_management_opatchRange<11.2.0.3.23
OR
oracleglobal_lifecycle_management_opatchRange12.2.0.1.012.2.0.1.19
OR
oracleglobal_lifecycle_management_opatchRange13.9.4.0.013.9.4.2.1
OR
oraclenosql_databaseRange<19.3.12
Node
netappactive_iq_unified_managerRange7.3linux
OR
netappactive_iq_unified_managerRange7.3windows
OR
netappactive_iq_unified_managerRange9.5vmware_vsphere
VendorProductVersionCPE
fasterxmljackson-modules-java8*cpe:2.3:a:fasterxml:jackson-modules-java8:*:*:*:*:*:*:*:*
oracleclusterware12.1.0.2.0cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*
oracledatabase_server12.1.0.2cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
oracledatabase_server12.2.0.1cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
oracledatabase_server18ccpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
oracledatabase_server19ccpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
oracleglobal_lifecycle_management_opatch*cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
oraclenosql_database*cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
netappactive_iq_unified_manager*cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Rows per page:
1-10 of 111

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.005

Percentile

76.8%