Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2018-12538

Published: 22/06/2018 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Jetty

Vulnerability Summary

In Eclipse Jetty versions 9.4.0 up to and including 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.

Vulnerable Product Search on Vulmon Subscribe to Product

eclipse jetty

netapp e-series santricity os controller

netapp snap creator framework -

netapp hyper converged infrastructure -

netapp element software -

netapp santricity cloud connector -

netapp snapcenter -

netapp oncommand unified manager -

netapp e-series santricity management plug-ins -

netapp e-series santricity web services proxy -

netapp oncommand system manager

netapp snapmanager -

Vendor Advisories

Debian CVElist Bug Report Logs: jetty9: CVE-2018-12536
Debian Bug report logs - #902774 jetty9: CVE-2018-12536 Package: jetty9; Maintainer for jetty9 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for jetty9 is src:jetty9 (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sat, 30 Jun 2018 18:45:04 UTC Severity: g ...
Debian CVElist Bug Report Logs: jetty9: CVE-2017-7656 CVE-2017-7657 CVE-2017-7658
Debian Bug report logs - #902953 jetty9: CVE-2017-7656 CVE-2017-7657 CVE-2017-7658 Package: jetty9; Maintainer for jetty9 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for jetty9 is src:jetty9 (PTS, buildd, popcon) Reported by: Markus Koschany <apo@debianorg> Date: Sat, 30 Jun 201 ...
Red Hat: CVE-2018-12538
In Eclipse Jetty versions 940 through 948, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore ...

References

CWE-384https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018http://www.securitytracker.com/id/1041194https://security.netapp.com/advisory/ntap-20181014-0001/https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Ehttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902774https://access.redhat.com/security/cve/cve-2018-12538
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook