Lucene search

MitreCVE-2018-18864

HistoryNov 20, 2018 - 7:29 p.m.

CVE-2018-18864

2018-11-2019:29:01

CWE-79

mitre

web.nvd.nist.gov

loadbalancer.org

enterprise

va max

8.3.3

xss

apache http server

logs

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.

Affected configurations

Nvd

Node

loadbalancerenterprise_va_maxRange<8.3.3

VendorProductVersionCPE
loadbalancerenterprise_va_max*cpe:2.3:a:loadbalancer:enterprise_va_max:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
loadbalancer	enterprise_va_max	*	cpe:2.3:a:loadbalancer:enterprise_va_max::::::::

References

packetstormsecurity.com/files/150135/Loadbalancer.org-Enterprise-VA-MAX-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2018/Nov/5

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

Related for CVE-2018-18864