HIGH✓ PATCH🇬🇧 English

CVE-2018-12538

CVSS 8.8v3.0pub. 2018-06-22upd. 2024-11-21

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Eclipse Jetty

    APP
    Eclipse
    9.4.0 – 9.4.8
  • Netapp Element Software

    APP
    Netapp
    wszystkie wersje
  • Netapp E Series Santricity Management Plug Ins

    APP
    Netapp
    wszystkie wersje
  • Netapp E Series Santricity Os Controller

    APP
    Netapp
    11.0 – 11.40
  • Netapp E Series Santricity Web Services Proxy

    APP
    Netapp
    wszystkie wersje
  • Netapp Hyper Converged Infrastructure

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand System Manager

    APP
    Netapp
    3.0.0 – 3.1.3
  • Netapp Oncommand Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Santricity Cloud Connector

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Netapp Snap Creator Framework

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapmanager

    APP
    Netapp
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2023-46604CRITICAL10.0⚠ KEVten sam produkt

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a ...

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2020-1938CRITICAL9.8⚠ KEVten sam produkt

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...

CVE-2016-8735CRITICAL9.8⚠ KEVten sam produkt

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2018-12538 — HIGH 8.8 | CVEbaza.pl