CVE-2018-12538
PUBLISHED
CVSS 8.8 HIGH
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
EPSS 0.52% · 67.0th percentile
Risk Scores
CVSS 3.0
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.52%
67.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| netapp | element_software | |
| netapp | e-series_santricity_os_controller | 11.0 |
| netapp | snapcenter | |
| eclipse | jetty | 9.4.0 |
| netapp | oncommand_system_manager | 3.0.0 |
| The Eclipse Foundation | Eclipse Jetty | unspecified, 9.4.0 |
| netapp | hyper_converged_infrastructure | |
| netapp | snapmanager | |
| Maven | org.eclipse.jetty:jetty-server | 9.4.0 |
| netapp | santricity_cloud_connector | |
| netapp | e-series_santricity_management_plug-ins | |
| netapp | e-series_santricity_web_services_proxy | |
| netapp | oncommand_unified_manager | |
| netapp | snap_creator_framework | |
Exploit Intelligence
- 1041194 (circl)
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (circl)
- [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image (circl)
- https://www.oracle.com/security-alerts/cpuoct2020.html (circl)
- https://security.netapp.com/advisory/ntap-20181014-0001/ (circl)
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018 (circl)
Timeline
- Jun 22, 2018 CVE Published
- Oct 9, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://www.ibm.com/support/pages/node/7173631 advisory
- https://www.ibm.com/support/pages/node/7174016 advisory
- https://www.ibm.com/support/pages/node/7174015 advisory
- https://www.ibm.com/support/pages/node/7173632 advisory
- https://www.ibm.com/support/pages/node/7172691 advisory
- https://www.ibm.com/support/pages/node/7172692 advisory
- https://www.ibm.com/support/pages/node/7173592 advisory
- https://www.ibm.com/support/pages/node/7173866 advisory
- 1041194 vdb
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html url
- [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image mailing-list
- https://www.oracle.com/security-alerts/cpuoct2020.html url
- https://security.netapp.com/advisory/ntap-20181014-0001/ url
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018 url
- https://nvd.nist.gov/vuln/detail/CVE-2018-12538 advisory
- https://github.com/advisories/GHSA-mwcx-532g-8pq3 advisory
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E url
- https://security.netapp.com/advisory/ntap-20181014-0001 url