CVE-2018-10054

🗓️ 11 Apr 2018 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 111 Views🌐 WEB

H2 1.4.197 allows remote code execution via CREATE ALIAS

Reporter	Title	Published	Views	Family All 18
GithubExploit	h2database-rce-poc	29 Apr 202612:58	–	githubexploit
Atlassian	Jira Service Management / Insight Asset Management vulnerable to RCE Security	21 Sep 202103:03	–	atlassian
Atlassian	RCE (Remote Code Execution) com.h2database:h2 Dependency in Bamboo Data Center and Server	14 Dec 202314:45	–	atlassian
Atlassian	Jira Service Management / Insight Asset Management vulnerable to RCE Security	21 Sep 202103:03	–	atlassian
Broadcom	BSA-2022-1838	3 May 202200:00	–	broadcom
IBM Security Bulletins	Security Bulletin: H2 Database Vulnerabilities Affect IBM Control Center (CVE-2018-10054, CVE-2018-14335)	14 May 202121:25	–	ibm
Circl	CVE-2018-10054	15 Aug 202320:50	–	circl
Cvelist	CVE-2018-10054	11 Apr 201800:00	–	cvelist
Github Security Blog	Improper Input Validation in Datomic	13 May 202201:30	–	github
Metasploit	H2 Web Interface Create Alias RCE	16 Aug 202319:50	–	metasploit

NVD

Node

cognitect datomicRange<0.9.5697

h2database h2Match1.4.197

Source	Link
lists	www.lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E
blog	www.blog.datomic.com/2018/03/important-security-update.html
forum	www.forum.datomic.com/t/important-security-update-0-9-5697/379
lists	www.lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E
exploit-db	www.exploit-db.com/exploits/44422/
github	www.github.com/h2database/h2database/issues/1225
github	www.github.com/h2database/h2database/issues/3099
mthbernardes	www.mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html
security	www.security.netapp.com/advisory/ntap-20240719-0003/
github	www.github.com/h2database/h2database/issues/1808

Parameter	Position	Path	Description	CWE
jsessionid	query param	login.jsp	H2 web interface uses a session id via jsessionid in the login.jsp flow; could be part of an authenticated path leading to RCE when combined with further steps.	CWE-264
language	request body	login.do	Login submission to H2 web interface can be used to establish a database connection; if misused in conjunction with subsequent alias-based RCE, may facilitate exploit.	CWE-264
setting	request body	login.do	Login submission to H2 web interface can be used to establish a database connection; if misused in conjunction with subsequent alias-based RCE, may facilitate exploit.	CWE-264
name	request body	login.do	Login submission to H2 web interface can be used to establish a database connection; if misused in conjunction with subsequent alias-based RCE, may facilitate exploit.	CWE-264
driver	request body	login.do	Login submission to H2 web interface can be used to establish a database connection; if misused in conjunction with subsequent alias-based RCE, may facilitate exploit.	CWE-264
url	request body	login.do	Login submission to H2 web interface can be used to establish a database connection; if misused in conjunction with subsequent alias-based RCE, may facilitate exploit.	CWE-264
user	request body	login.do	Login submission to H2 web interface can be used to establish a database connection; if misused in conjunction with subsequent alias-based RCE, may facilitate exploit.	CWE-264
password	request body	login.do	Login submission to H2 web interface can be used to establish a database connection; if misused in conjunction with subsequent alias-based RCE, may facilitate exploit.	CWE-264
sql	request body	query.do	Executes arbitrary SQL sent in the sql parameter; used to create and call an ALIAS that can run arbitrary Java code enabling RCE.	CWE-20

21 Nov 2024 03:40Current

9High risk

Vulners AI Score9

CVSS 26.5

CVSS 3.18.8

EPSS0.71578

SSVC

CWE-20

cve-2018-10054 h2 1.4.197 datomic remote code execution create alias nvd java code information security