Lucene search

[email protected]NVD:CVE-2018-1336

HistoryAug 02, 2018 - 2:29 p.m.

CVE-2018-1336

2018-08-0214:29:00

CWE-835

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.018 Low

EPSS

Percentile

88.4%

JSON

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Affected configurations

NVD

Node

apachetomcatRange7.0.28–7.0.86

apachetomcatRange8.0.0–8.0.51

apachetomcatRange8.5.0–8.5.30

apachetomcatRange9.0.1–9.0.7

apachetomcatMatch8.0.0rc1

apachetomcatMatch8.0.0rc10

apachetomcatMatch8.0.0rc2

apachetomcatMatch8.0.0rc3

apachetomcatMatch8.0.0rc4

apachetomcatMatch8.0.0rc5

apachetomcatMatch8.0.0rc6

apachetomcatMatch8.0.0rc7

apachetomcatMatch8.0.0rc8

apachetomcatMatch8.0.0rc9

apachetomcatMatch9.0.0milestone10

apachetomcatMatch9.0.0milestone11

apachetomcatMatch9.0.0milestone12

apachetomcatMatch9.0.0milestone13

apachetomcatMatch9.0.0milestone14

apachetomcatMatch9.0.0milestone15

apachetomcatMatch9.0.0milestone16

apachetomcatMatch9.0.0milestone17

apachetomcatMatch9.0.0milestone18

apachetomcatMatch9.0.0milestone19

apachetomcatMatch9.0.0milestone20

apachetomcatMatch9.0.0milestone21

apachetomcatMatch9.0.0milestone22

apachetomcatMatch9.0.0milestone23

apachetomcatMatch9.0.0milestone24

apachetomcatMatch9.0.0milestone25

apachetomcatMatch9.0.0milestone26

apachetomcatMatch9.0.0milestone27

apachetomcatMatch9.0.0milestone9

Node

redhatjboss_enterprise_application_platformMatch6.0.0

redhatjboss_enterprise_application_platformMatch6.4.0

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

redhatjboss_enterprise_web_serverMatch3.0.0

AND

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

redhatjboss_enterprise_web_serverMatch5.0.0

AND

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

References

mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E

www.securityfocus.com/bid/104898

www.securitytracker.com/id/1041375

access.redhat.com/errata/RHEA-2018:2188

access.redhat.com/errata/RHEA-2018:2189

access.redhat.com/errata/RHSA-2018:2700

access.redhat.com/errata/RHSA-2018:2701

access.redhat.com/errata/RHSA-2018:2740

access.redhat.com/errata/RHSA-2018:2741

access.redhat.com/errata/RHSA-2018:2742

access.redhat.com/errata/RHSA-2018:2743

access.redhat.com/errata/RHSA-2018:2921

access.redhat.com/errata/RHSA-2018:2930

access.redhat.com/errata/RHSA-2018:2939

access.redhat.com/errata/RHSA-2018:2945

access.redhat.com/errata/RHSA-2018:3768

lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

lists.debian.org/debian-lts-announce/2018/09/msg00001.html

security.netapp.com/advisory/ntap-20180817-0001/

support.f5.com/csp/article/K73008537?utm_source=f5support&amp%3Butm_medium=RSS

usn.ubuntu.com/3723-1/

www.debian.org/security/2018/dsa-4281

www.oracle.com/security-alerts/cpuapr2020.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.018 Low

EPSS

Percentile

88.4%

JSON

Related for NVD:CVE-2018-1336