Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2018-1316
HistoryMar 05, 2018 - 2:29 p.m.

Directory traversal

2018-03-0514:29:00
PRIOn knowledge base
www.prio-n.com
3

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%

JSON

The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.

CPENameOperatorVersion
odegt1.1.1
odele1.3.2
odeeq1.1.1 rc1
odeeq1.1 rc5
odeeq1.1 rc4
odeeq1.1 rc3
odeeq1.1 rc2
odeeq1.1 rc1
odeeq1.0
odeeq1.0
Rows per page:
1-10 of 131

Related

osv 4
github 3
cve 3
f5 3
veracode 2
ubuntucve 2
nessus 18
prion 2
securityvulns 3
openvas 23
tomcat 3
vmware 4
redhat 5
atlassian 2
fedora 3
centos 1
oraclelinux 1
ibm 1
osv
osv
CVE-2018-1316
2018-03-05 14:29:00
Apache ODE Path Traversal vulnerability
2022-05-14 03:35:05
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
github
github
Apache ODE Path Traversal vulnerability
2022-05-14 03:35:05
Apache Tomcat Path Traversal Vulnerability
2022-05-01 23:49:31
Apache Tomcat Directory Traversal vulnerability
2022-05-01 23:55:04
cve
cve
CVE-2018-1316
2018-03-05 14:29:00
CVE-2008-2370
2008-08-04 01:41:00
CVE-2008-2938
2008-08-13 00:41:00
f5
f5
SOL9110 - Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2008-09-01 00:00:00
K9110 : Apache Tomcat information disclosure vulnerability - CVE-2008-2370
2013-03-25 00:00:00
K67352212 : Apache vulnerabilities CVE-2018-1286, CVE-2018-1294, CVE-2018-1316, CVE-2018-1319, and CVE-2018-1324
2018-09-04 00:00:00
veracode
veracode
Directory Traversal
2018-11-09 07:23:15
Directory Traversal
2018-03-06 02:56:23
ubuntucve
ubuntucve
CVE-2008-2370
2008-08-04 00:00:00
CVE-2008-2938
2008-08-13 00:00:00
nessus
nessus
F5 Networks BIG-IP : Apache Tomcat information disclosure vulnerability (SOL9110)
2014-10-10 00:00:00
VMSA-2009-0002 : VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-10-19 00:00:00
Apache Tomcat 4.x < 4.1.39 Multiple Vulnerabilities
2010-06-11 00:00:00
prion
prion
Directory traversal
2008-08-04 01:41:00
Directory traversal
2008-08-13 00:41:00
securityvulns
securityvulns
[SECURITY] CVE-2008-2370: Apache CouchDB Timing Attack Vulnerability
2010-04-05 00:00:00
[CVE-2008-2370] Apache Tomcat information disclosure vulnerability
2008-08-01 00:00:00
Apache Tomcat multiple security vulnerabilities
2009-01-28 00:00:00
openvas
openvas
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
2008-08-07 00:00:00
Fedora Update for tomcat6 FEDORA-2008-7977
2009-02-17 00:00:00
RedHat Update for tomcat RHSA-2008:0648-01
2009-03-06 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 4.1.39
2008-01-07 00:00:00
Fixed in Apache Tomcat 5.5.27
2008-09-08 00:00:00
Fixed in Apache Tomcat 6.0.18
2008-07-31 00:00:00
vmware
vmware
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27
2009-02-23 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
redhat
redhat
(RHSA-2008:0877) Important: jbossweb security update
2008-09-22 00:00:00
(RHSA-2008:0648) Important: tomcat security update
2008-08-27 00:00:00
(RHSA-2008:0864) Important: tomcat security update
2008-10-02 00:00:00
atlassian
atlassian
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
Upgrade standalone Tomcat to 5.5.25
2008-01-15 04:23:59
fedora
fedora
[SECURITY] Fedora 9 Update: tomcat5-5.5.27-0jpp.2.fc9
2008-09-16 23:25:10
[SECURITY] Fedora 9 Update: tomcat6-6.0.18-1.1.fc9
2008-09-11 17:17:43
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
centos
centos
tomcat5 security update
2008-08-28 22:01:41
oraclelinux
oraclelinux
tomcat security update
2008-08-27 00:00:00
ibm
ibm
Security Bulletin: TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries
2023-01-27 10:54:22

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

78.7%

JSON
Related for PRION:CVE-2018-1316
osv4github3cve3f53veracode2ubuntucve2nessus18prion2securityvulns3openvas23tomcat3vmware4redhat5atlassian2fedora3centos1oraclelinux1ibm1