Lucene search

[email protected]CVE-2018-8088

HistoryMar 20, 2018 - 4:29 p.m.

CVE-2018-8088

2018-03-2016:29:00

[email protected]

web.nvd.nist.gov

166

cve

2018

8088

remote code execution

vulnerability

slf4j

nvd

security

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.8%

JSON

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

Affected configurations

NVD

Node

qosslf4jRange<1.7.26

qosslf4jMatch1.8.0alpha1

qosslf4jMatch1.8.0alpha2

qosslf4jMatch1.8.0beta1

qosslf4jMatch1.8.0beta2

Node

redhatjboss_enterprise_application_platformMatch7.1

AND

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

redhatjboss_enterprise_application_platformMatch6.0.0

redhatjboss_enterprise_application_platformMatch6.4.0

AND

redhatenterprise_linuxMatch5.0

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

redhatvirtualizationMatch4.0

redhatvirtualization_hostMatch4.0

AND

redhatenterprise_linux_serverMatch7.0

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.4

redhatenterprise_linux_eusMatch7.5

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.4

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch7.0

Node

oraclegoldengate_application_adaptersMatch12.3.2.1.0

oraclegoldengate_stream_analyticsRange<19.1.0.0.1

oracleutilities_frameworkMatch4.2.0.2.0

oracleutilities_frameworkMatch4.2.0.3.0

oracleutilities_frameworkMatch4.3.0.2.0

oracleutilities_frameworkMatch4.3.0.3.0

oracleutilities_frameworkMatch4.3.0.4.0

oracleutilities_frameworkMatch4.3.0.5.0

oracleutilities_frameworkMatch4.3.0.6.0

oracleutilities_frameworkMatch4.4.0.0.0

CPENameOperatorVersion
qos:slf4jqos slf4jlt1.7.26
qos:slf4jqos slf4jeq1.8.0

CPE	Name	Operator	Version
qos:slf4j	qos slf4j	lt	1.7.26
qos:slf4j	qos slf4j	eq	1.8.0

References

www.securityfocus.com/bid/103737

www.securitytracker.com/id/1040627

access.redhat.com/errata/RHSA-2018:0582

access.redhat.com/errata/RHSA-2018:0592

access.redhat.com/errata/RHSA-2018:0627

access.redhat.com/errata/RHSA-2018:0628

access.redhat.com/errata/RHSA-2018:0629

access.redhat.com/errata/RHSA-2018:0630

access.redhat.com/errata/RHSA-2018:1247

access.redhat.com/errata/RHSA-2018:1248

access.redhat.com/errata/RHSA-2018:1249

access.redhat.com/errata/RHSA-2018:1251

access.redhat.com/errata/RHSA-2018:1323

access.redhat.com/errata/RHSA-2018:1447

access.redhat.com/errata/RHSA-2018:1448

access.redhat.com/errata/RHSA-2018:1449

access.redhat.com/errata/RHSA-2018:1450

access.redhat.com/errata/RHSA-2018:1451

access.redhat.com/errata/RHSA-2018:1525

access.redhat.com/errata/RHSA-2018:1575

access.redhat.com/errata/RHSA-2018:2143

access.redhat.com/errata/RHSA-2018:2419

access.redhat.com/errata/RHSA-2018:2420

access.redhat.com/errata/RHSA-2018:2669

access.redhat.com/errata/RHSA-2018:2930

access.redhat.com/errata/RHSA-2019:2413

access.redhat.com/errata/RHSA-2019:3140

github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405

jira.qos.ch/browse/SLF4J-430

jira.qos.ch/browse/SLF4J-431

lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E

lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E

lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E

lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E

lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E

lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E

lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E

lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E

lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E

lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E

lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E

lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E

lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E

lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E

lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E

lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E

lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E

lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E

lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E

security.netapp.com/advisory/ntap-20231227-0010/

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.slf4j.org/news.html

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2018-8088

openvas7 fedora3 nvd1 nessus27 redhat26 centos1 ubuntucve1 prion1 osv2 oraclelinux1 veracode2 github1 debiancve1 redhatcve2 cvelist1 suse1 amazon1 photon2 ibm5 oracle4