
CVE-2018-8088
Date: (C)2018-04-02   (M)2019-08-12


org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 9.8
Exploit Score: 3.9
Impact Score: 5.9

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:
BID-103737
SECTRACK-1040627
RHSA-2018:0582
RHSA-2018:0592
RHSA-2018:0627
RHSA-2018:0628
RHSA-2018:0629
RHSA-2018:0630
RHSA-2018:1247
RHSA-2018:1248
RHSA-2018:1249
RHSA-2018:1251
RHSA-2018:1323
RHSA-2018:1447
RHSA-2018:1448
RHSA-2018:1449
RHSA-2018:1450
RHSA-2018:1451
RHSA-2018:1525
RHSA-2018:1575
RHSA-2018:2143
RHSA-2018:2419
RHSA-2018:2420
RHSA-2018:2669
RHSA-2018:2930
RHSA-2019:2413
https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E
https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E
https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
https://jira.qos.ch/browse/SLF4J-430
https://jira.qos.ch/browse/SLF4J-431
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

CPE    4
cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
cpe:/o:redhat:enterprise_linux_workstation:7.0
...
CWE    1
CWE-502
OVAL    7
oval:org.secpod.oval:def:204773
oval:org.secpod.oval:def:502255
oval:org.secpod.oval:def:114214
oval:org.secpod.oval:def:114211
...

© SecPod Technologies