cnvd - cnvd-2018-17886

cnvd-2018-17886

Vulnerability from cnvd

Title

Eclipse Jetty权限提升漏洞

Description

Jetty是一个纯粹的基于Java的网页服务器和Java Servlet容器。 Eclipse Jetty 9.4.0版本至9.4.8版本中存在权限提升漏洞。攻击者可利用该漏洞访问/劫持其他HttpSessions并删除不匹配的HttpSessions。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://www.eclipse.org/jetty/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-12538

Impacted products

Name
Eclipse Jetty >=9.4.0，<=9.4.8

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12538"
    }
  },
  "description": "Jetty\u662f\u4e00\u4e2a\u7eaf\u7cb9\u7684\u57fa\u4e8eJava\u7684\u7f51\u9875\u670d\u52a1\u5668\u548cJava Servlet\u5bb9\u5668\u3002\r\n\r\nEclipse Jetty 9.4.0\u7248\u672c\u81f39.4.8\u7248\u672c\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee/\u52ab\u6301\u5176\u4ed6HttpSessions\u5e76\u5220\u9664\u4e0d\u5339\u914d\u7684HttpSessions\u3002",
  "discovererName": "Jesse McConnell",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://www.eclipse.org/jetty/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17886",
  "openTime": "2018-09-07",
  "products": {
    "product": "Eclipse Jetty \u003e=9.4.0\uff0c\u003c=9.4.8"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-12538",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-25",
  "title": "Eclipse Jetty\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2018-12538 (GCVE-0-2018-12538)

Vulnerability from cvelistv5

Published

2018-06-22 19:00

Modified

2024-08-05 08:38

Severity ?

CWE

CWE-6 - J2EE Misconfiguration: Insufficient Session-ID Length

Summary

In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.

References

URL

Tags

	http://www.securitytracker.com/id/1041194	vdb-entry, x_refsource_SECTRACK
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC
	https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuoct2020.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20181014-0001/	x_refsource_CONFIRM
	https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	The Eclipse Foundation	Eclipse Jetty	Version: unspecified < 9.4.9 Version: 9.4.0 < unspecified

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:38:06.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041194",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041194"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThan": "9.4.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem\u0027s storage for the FileSessionDataStore."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-6",
              "description": "CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:53",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "name": "1041194",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041194"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2018-12538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.4.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem\u0027s storage for the FileSessionDataStore."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041194",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041194"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181014-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
            },
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2018-12538",
    "datePublished": "2018-06-22T19:00:00",
    "dateReserved": "2018-06-18T00:00:00",
    "dateUpdated": "2024-08-05T08:38:06.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.