Lucene search

[email protected]CVE-2018-8088

HistoryMar 20, 2018 - 4:29 p.m.

CVE-2018-8088

2018-03-2016:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

152

cve

2018

8088

remote code execution

vulnerability

slf4j

nvd

security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

CPENameOperatorVersion
qos:slf4jqos slf4jeq1.8.0
qos:slf4jqos slf4jlt1.7.26
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq7.1
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq6.0.0
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq6.4.0
redhat:virtualizationredhat virtualizationeq4.0
redhat:virtualization_hostredhat virtualization hosteq4.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0

CPE	Name	Operator	Version
qos:slf4j	qos slf4j	eq	1.8.0
qos:slf4j	qos slf4j	lt	1.7.26
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	7.1
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	6.0.0
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	6.4.0
redhat:virtualization	redhat virtualization	eq	4.0
redhat:virtualization_host	redhat virtualization host	eq	4.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0

Rows per page:

1-10 of 301

References

www.securityfocus.com/bid/103737

www.securitytracker.com/id/1040627

access.redhat.com/errata/RHSA-2018:0582

access.redhat.com/errata/RHSA-2018:0592

access.redhat.com/errata/RHSA-2018:0627

access.redhat.com/errata/RHSA-2018:0628

access.redhat.com/errata/RHSA-2018:0629

access.redhat.com/errata/RHSA-2018:0630

access.redhat.com/errata/RHSA-2018:1247

access.redhat.com/errata/RHSA-2018:1248

access.redhat.com/errata/RHSA-2018:1249

access.redhat.com/errata/RHSA-2018:1251

access.redhat.com/errata/RHSA-2018:1323

access.redhat.com/errata/RHSA-2018:1447

access.redhat.com/errata/RHSA-2018:1448

access.redhat.com/errata/RHSA-2018:1449

access.redhat.com/errata/RHSA-2018:1450

access.redhat.com/errata/RHSA-2018:1451

access.redhat.com/errata/RHSA-2018:1525

access.redhat.com/errata/RHSA-2018:1575

access.redhat.com/errata/RHSA-2018:2143

access.redhat.com/errata/RHSA-2018:2419

access.redhat.com/errata/RHSA-2018:2420

access.redhat.com/errata/RHSA-2018:2669

access.redhat.com/errata/RHSA-2018:2930

access.redhat.com/errata/RHSA-2019:2413

access.redhat.com/errata/RHSA-2019:3140

github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405

jira.qos.ch/browse/SLF4J-430

jira.qos.ch/browse/SLF4J-431

lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E

lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E

lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E

lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E

lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E

lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E

lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E

lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E

lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E

lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E

lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E

lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E

lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E

lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E

lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E

lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E

lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E

lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E

security.netapp.com/advisory/ntap-20231227-0010/

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.slf4j.org/news.html

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2018-8088

nessus24 suse1 redhat26 amazon1 fedora3 openvas7 oraclelinux1 veracode2 github1 redhatcve2 osv2 debiancve1 prion1 ubuntucve1 centos1 photon2 ibm4 oracle4