Lucene search

[email protected]NVD:CVE-2018-18506

HistoryFeb 05, 2019 - 9:29 p.m.

CVE-2018-18506

2019-02-0521:29:00

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

Affected configurations

NVD

Node

mozillafirefoxRange<65.0

Node

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch8.1

redhatenterprise_linux_eusMatch8.2

redhatenterprise_linux_eusMatch8.4

redhatenterprise_linux_eusMatch8.6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_ausMatch8.6

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

redhatenterprise_linux_server_tusMatch8.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

opensuseleapMatch15.0

opensuseleapMatch42.3

References

lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html

lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html

www.securityfocus.com/bid/106773

access.redhat.com/errata/RHSA-2019:0622

access.redhat.com/errata/RHSA-2019:0623

access.redhat.com/errata/RHSA-2019:0680

access.redhat.com/errata/RHSA-2019:0681

access.redhat.com/errata/RHSA-2019:0966

access.redhat.com/errata/RHSA-2019:1144

lists.debian.org/debian-lts-announce/2019/03/msg00024.html

lists.debian.org/debian-lts-announce/2019/04/msg00000.html

seclists.org/bugtraq/2019/Apr/0

seclists.org/bugtraq/2019/Mar/28

security.gentoo.org/glsa/201904-07

usn.ubuntu.com/3874-1/

usn.ubuntu.com/3927-1/

www.debian.org/security/2019/dsa-4411

www.debian.org/security/2019/dsa-4420

www.mozilla.org/security/advisories/mfsa2019-01/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

Related for NVD:CVE-2018-18506