Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-1000873
HistoryDec 20, 2018 - 12:00 a.m.

CVE-2018-1000873

2018-12-2000:00:00
ubuntu.com
ubuntu.com
13

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.005

Percentile

76.8%

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input
Validation vulnerability in Jackson-Modules-Java8 that can result in Causes
a denial-of-service (DoS). This attack appear to be exploitable via The
victim deserializes malicious input, specifically very large values in the
nanoseconds field of a time value. This vulnerability appears to have been
fixed in 2.9.8.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.005

Percentile

76.8%