Details of VAR-201901-0713

ID

VAR-201901-0713

CVE

CVE-2018-1320

TITLE

Apache Thrift Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001445

DESCRIPTION

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. Apache Thrift Contains an input validation vulnerability.Information may be tampered with. Apache Thrift is prone to a security-bypass vulnerability. Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. Apache Thrift versions 0.5.0 through 0.11.0 are vulnerable. The Java client library is one of the client libraries. Attackers can exploit this vulnerability to bypass security detection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.4.0 security update Advisory ID: RHSA-2019:2413-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2019:2413 Issue date: 2019-08-08 CVE Names: CVE-2016-10750 CVE-2018-1258 CVE-2018-1320 CVE-2018-8088 CVE-2018-10899 CVE-2018-15758 CVE-2019-0192 CVE-2019-3805 ==================================================================== 1. Summary: A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750) * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) * jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899) * spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758) * solr: remote code execution due to unsafe deserialization (CVE-2019-0192) * thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320) * spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258) * wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.4.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1578582 - CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security 1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution 1643048 - CVE-2018-15758 spring-security-oauth: Privilege escalation by manipulating saved authorization request 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1667204 - CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class 1692345 - CVE-2019-0192 solr: remote code execution due to unsafe deserialization 1713215 - CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution 5. References: https://access.redhat.com/security/cve/CVE-2016-10750 https://access.redhat.com/security/cve/CVE-2018-1258 https://access.redhat.com/security/cve/CVE-2018-1320 https://access.redhat.com/security/cve/CVE-2018-8088 https://access.redhat.com/security/cve/CVE-2018-10899 https://access.redhat.com/security/cve/CVE-2018-15758 https://access.redhat.com/security/cve/CVE-2019-0192 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUv0xNzjgjWX9erEAQhCzRAAjdpuIeE+WhWxaZpzsfh333p6RXGKoB8g 4BGVD7yZjSNoPmRzkSuaNUTT0wYZdRLSNeYK1FvxqZlTBesHbe3IV80gDNiV2vad VzwNYukUoa6s8hdzKY/zCKwhuZ5cWkk+FLjFAPEfZt2Typ3kyYPnK/RxNnzfeSgc 90xh60LImUIJK/hGyOL40z8pGFbG404TJbdezYnQt0/l0NBGxPqBGOHnIgpZhAgw gNMEglpIrxap4UzwSEzA5tmjRUDHeUBpsUpKsez5XL2ECssqrRyK8Hj/KeacnARF Mnvf4U/lIOamD6Tles8IAFo/kexW+OxKiHbivOFutraLdEXysgkK8Uf5EQqYKW9+ 7OgEuyMxUi5Pbj4kL666iBp5oV95gEHm2zcQEbn65BFJ3nomb5nReHh5t7G0AqHy GYj9dlx84+UG0Fr717Vi586KwtCu6rgdZJS25+0kSCeZk/cowYLW09G+j/+Jk3yg N/uUfoxqmC/A+SyupFh1A9XZg7oZhkB+Qwo6D2+BejiwXsD8Jv4uzrI7U7+Lg/YK UFa2oqArMKNrF0zf9152lqCEpOL8dCO3X8RcB8LmQcapmr1MYGB+18oNT4o3JcY3 Aa1hoi5+2gGgR7HHuqTsxnDXYPtgqR9CMylc5gmYsMFK5W3sNX8Z/qazoH3fIVtu NNAto03aZgE=rpUB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.07

sources: NVD: CVE-2018-1320 // JVNDB: JVNDB-2019-001445 // BID: 106551 // VULHUB: VHN-123235 // PACKETSTORM: 153980

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	lt	version:	12.2.0.1.19	Trust: 1.0
vendor:	f5	model:	traffix signaling delivery controller	scope:	lte	version:	5.1.0	Trust: 1.0
vendor:	f5	model:	traffix signaling delivery controller	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	oracle	model:	nosql database	scope:	lt	version:	19.3.12	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	lt	version:	13.9.4.2.1	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	gte	version:	13.9.4.0.0	Trust: 1.0
vendor:	apache	model:	thrift	scope:	lte	version:	0.11.0	Trust: 1.0
vendor:	apache	model:	thrift	scope:	gte	version:	0.5.0	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	lt	version:	11.2.0.3.23	Trust: 1.0
vendor:	oracle	model:	global lifecycle management opatch	scope:	gte	version:	12.2.0.1.0	Trust: 1.0
vendor:	apache	model:	thrift	scope:	eq	version:	0.5.0 to 0.11.0	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	thrift	scope:	eq	version:	0.11	Trust: 0.3
vendor:	apache	model:	thrift	scope:	eq	version:	0.10	Trust: 0.3
vendor:	apache	model:	thrift	scope:	eq	version:	0.9.3	Trust: 0.3
vendor:	apache	model:	thrift	scope:	eq	version:	0.9.2	Trust: 0.3
vendor:	apache	model:	thrift	scope:	eq	version:	0.9.1	Trust: 0.3
vendor:	apache	model:	thrift	scope:	eq	version:	0.5	Trust: 0.3
vendor:	apache	model:	thrift	scope:	eq	version:	0.9	Trust: 0.3
vendor:	apache	model:	thrift	scope:	ne	version:	0.12	Trust: 0.3

sources: BID: 106551 // JVNDB: JVNDB-2019-001445 // NVD: CVE-2018-1320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1320
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-1320
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-099
value:	HIGH
Trust: 0.6
VULHUB:	VHN-123235
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-1320
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-123235
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-1320
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2018-1320
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-123235 // JVNDB: JVNDB-2019-001445 // CNNVD: CNNVD-201901-099 // NVD: CVE-2018-1320

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-123235 // JVNDB: JVNDB-2019-001445 // NVD: CVE-2018-1320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-099

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001445

PATCH

title:	[SECURITY] CVE-2018-1320 Announcement	url:	https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E	Trust: 0.8
title:	[SECURITY] [DLA 1662-1] libthrift-java security update	url:	https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html	Trust: 0.8
title:	Apache Thrift Java client library Remediation measures for authorization problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=88292	Trust: 0.6

sources: JVNDB: JVNDB-2019-001445 // CNNVD: CNNVD-201901-099

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1320	Trust: 2.9
db:	BID	id:	106551	Trust: 2.0
db:	OPENWALL	id:	OSS-SECURITY/2019/07/24/3	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-001445	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-099	Trust: 0.7
db:	PACKETSTORM	id:	153980	Trust: 0.7
db:	AUSCERT	id:	ESB-2023.1788	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3040	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4254	Trust: 0.6
db:	CS-HELP	id:	SB2022041520	Trust: 0.6
db:	VULHUB	id:	VHN-123235	Trust: 0.1

sources: VULHUB: VHN-123235 // BID: 106551 // JVNDB: JVNDB-2019-001445 // PACKETSTORM: 153980 // CNNVD: CNNVD-201901-099 // NVD: CVE-2018-1320

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2019:2413	Trust: 2.4
url:	http://www.securityfocus.com/bid/106551	Trust: 2.3
url:	https://support.f5.com/csp/article/k36361684	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.7
url:	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/07/24/3	Trust: 1.7
url:	https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3cuser.thrift.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3cdevnull.infra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3%40%3cuser.thrift.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f%40%3cdev.storm.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc%40%3cuser.storm.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80%40%3cannounce.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3ccommits.cassandra.apache.org%3e	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1320	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1320	Trust: 0.8
url:	https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80@%3cannounce.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5@%3ccommits.cassandra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9@%3cdevnull.infra.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f@%3cdev.storm.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc@%3cuser.storm.apache.org%3e	Trust: 0.7
url:	https://packetstormsecurity.com/files/153980/red-hat-security-advisory-2019-2413-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3040/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1788	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041520	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4254/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://issues.apache.org/jira/browse/thrift-4506	Trust: 0.3
url:	https://thrift.apache.org/	Trust: 0.3
url:	https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1258	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.4.0	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1320	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-10899	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10750	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0192	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-8088	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10899	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-10750	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15758	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8088	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0192	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3805	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-15758	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3805	Trust: 0.1

sources: VULHUB: VHN-123235 // BID: 106551 // JVNDB: JVNDB-2019-001445 // PACKETSTORM: 153980 // CNNVD: CNNVD-201901-099 // NVD: CVE-2018-1320

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 153980 // CNNVD: CNNVD-201901-099

SOURCES

db:	VULHUB	id:	VHN-123235
db:	BID	id:	106551
db:	JVNDB	id:	JVNDB-2019-001445
db:	PACKETSTORM	id:	153980
db:	CNNVD	id:	CNNVD-201901-099
db:	NVD	id:	CVE-2018-1320

LAST UPDATE DATE

2024-08-14T13:13:54.821000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-123235	date:	2020-06-04T00:00:00
db:	BID	id:	106551	date:	2019-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-001445	date:	2019-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201901-099	date:	2023-03-27T00:00:00
db:	NVD	id:	CVE-2018-1320	date:	2023-11-07T02:55:57.850

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-123235	date:	2019-01-07T00:00:00
db:	BID	id:	106551	date:	2019-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-001445	date:	2019-03-06T00:00:00
db:	PACKETSTORM	id:	153980	date:	2019-08-08T14:34:03
db:	CNNVD	id:	CNNVD-201901-099	date:	2019-01-08T00:00:00
db:	NVD	id:	CVE-2018-1320	date:	2019-01-07T17:29:00.360