ID

VAR-201901-0713


CVE

CVE-2018-1320


TITLE

Apache Thrift Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001445

DESCRIPTION

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. Apache Thrift Contains an input validation vulnerability.Information may be tampered with. Apache Thrift is prone to a security-bypass vulnerability. Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. Apache Thrift versions 0.5.0 through 0.11.0 are vulnerable. The Java client library is one of the client libraries. Attackers can exploit this vulnerability to bypass security detection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.4.0 security update Advisory ID: RHSA-2019:2413-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2019:2413 Issue date: 2019-08-08 CVE Names: CVE-2016-10750 CVE-2018-1258 CVE-2018-1320 CVE-2018-8088 CVE-2018-10899 CVE-2018-15758 CVE-2019-0192 CVE-2019-3805 ==================================================================== 1. Summary: A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750) * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) * jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899) * spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758) * solr: remote code execution due to unsafe deserialization (CVE-2019-0192) * thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320) * spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258) * wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.4.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1578582 - CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security 1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution 1643048 - CVE-2018-15758 spring-security-oauth: Privilege escalation by manipulating saved authorization request 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1667204 - CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class 1692345 - CVE-2019-0192 solr: remote code execution due to unsafe deserialization 1713215 - CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution 5. References: https://access.redhat.com/security/cve/CVE-2016-10750 https://access.redhat.com/security/cve/CVE-2018-1258 https://access.redhat.com/security/cve/CVE-2018-1320 https://access.redhat.com/security/cve/CVE-2018-8088 https://access.redhat.com/security/cve/CVE-2018-10899 https://access.redhat.com/security/cve/CVE-2018-15758 https://access.redhat.com/security/cve/CVE-2019-0192 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUv0xNzjgjWX9erEAQhCzRAAjdpuIeE+WhWxaZpzsfh333p6RXGKoB8g 4BGVD7yZjSNoPmRzkSuaNUTT0wYZdRLSNeYK1FvxqZlTBesHbe3IV80gDNiV2vad VzwNYukUoa6s8hdzKY/zCKwhuZ5cWkk+FLjFAPEfZt2Typ3kyYPnK/RxNnzfeSgc 90xh60LImUIJK/hGyOL40z8pGFbG404TJbdezYnQt0/l0NBGxPqBGOHnIgpZhAgw gNMEglpIrxap4UzwSEzA5tmjRUDHeUBpsUpKsez5XL2ECssqrRyK8Hj/KeacnARF Mnvf4U/lIOamD6Tles8IAFo/kexW+OxKiHbivOFutraLdEXysgkK8Uf5EQqYKW9+ 7OgEuyMxUi5Pbj4kL666iBp5oV95gEHm2zcQEbn65BFJ3nomb5nReHh5t7G0AqHy GYj9dlx84+UG0Fr717Vi586KwtCu6rgdZJS25+0kSCeZk/cowYLW09G+j/+Jk3yg N/uUfoxqmC/A+SyupFh1A9XZg7oZhkB+Qwo6D2+BejiwXsD8Jv4uzrI7U7+Lg/YK UFa2oqArMKNrF0zf9152lqCEpOL8dCO3X8RcB8LmQcapmr1MYGB+18oNT4o3JcY3 Aa1hoi5+2gGgR7HHuqTsxnDXYPtgqR9CMylc5gmYsMFK5W3sNX8Z/qazoH3fIVtu NNAto03aZgE=rpUB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.07

sources: NVD: CVE-2018-1320 // JVNDB: JVNDB-2019-001445 // BID: 106551 // VULHUB: VHN-123235 // PACKETSTORM: 153980

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:oraclemodel:global lifecycle management opatchscope:ltversion:12.2.0.1.19

Trust: 1.0

vendor:f5model:traffix signaling delivery controllerscope:lteversion:5.1.0

Trust: 1.0

vendor:f5model:traffix signaling delivery controllerscope:gteversion:5.0.0

Trust: 1.0

vendor:oraclemodel:nosql databasescope:ltversion:19.3.12

Trust: 1.0

vendor:oraclemodel:global lifecycle management opatchscope:ltversion:13.9.4.2.1

Trust: 1.0

vendor:oraclemodel:global lifecycle management opatchscope:gteversion:13.9.4.0.0

Trust: 1.0

vendor:apachemodel:thriftscope:lteversion:0.11.0

Trust: 1.0

vendor:apachemodel:thriftscope:gteversion:0.5.0

Trust: 1.0

vendor:oraclemodel:global lifecycle management opatchscope:ltversion:11.2.0.3.23

Trust: 1.0

vendor:oraclemodel:global lifecycle management opatchscope:gteversion:12.2.0.1.0

Trust: 1.0

vendor:apachemodel:thriftscope:eqversion:0.5.0 to 0.11.0

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:apachemodel:thriftscope:eqversion:0.11

Trust: 0.3

vendor:apachemodel:thriftscope:eqversion:0.10

Trust: 0.3

vendor:apachemodel:thriftscope:eqversion:0.9.3

Trust: 0.3

vendor:apachemodel:thriftscope:eqversion:0.9.2

Trust: 0.3

vendor:apachemodel:thriftscope:eqversion:0.9.1

Trust: 0.3

vendor:apachemodel:thriftscope:eqversion:0.5

Trust: 0.3

vendor:apachemodel:thriftscope:eqversion:0.9

Trust: 0.3

vendor:apachemodel:thriftscope:neversion:0.12

Trust: 0.3

sources: BID: 106551 // JVNDB: JVNDB-2019-001445 // NVD: CVE-2018-1320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1320
value: HIGH

Trust: 1.0

NVD: CVE-2018-1320
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-099
value: HIGH

Trust: 0.6

VULHUB: VHN-123235
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1320
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123235
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1320
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-1320
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-123235 // JVNDB: JVNDB-2019-001445 // CNNVD: CNNVD-201901-099 // NVD: CVE-2018-1320

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-123235 // JVNDB: JVNDB-2019-001445 // NVD: CVE-2018-1320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-099

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001445

PATCH

title:[SECURITY] CVE-2018-1320 Announcementurl:https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E

Trust: 0.8

title:[SECURITY] [DLA 1662-1] libthrift-java security updateurl:https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html

Trust: 0.8

title:Apache Thrift Java client library Remediation measures for authorization problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=88292

Trust: 0.6

sources: JVNDB: JVNDB-2019-001445 // CNNVD: CNNVD-201901-099

EXTERNAL IDS

db:NVDid:CVE-2018-1320

Trust: 2.9

db:BIDid:106551

Trust: 2.0

db:OPENWALLid:OSS-SECURITY/2019/07/24/3

Trust: 1.7

db:JVNDBid:JVNDB-2019-001445

Trust: 0.8

db:CNNVDid:CNNVD-201901-099

Trust: 0.7

db:PACKETSTORMid:153980

Trust: 0.7

db:AUSCERTid:ESB-2023.1788

Trust: 0.6

db:AUSCERTid:ESB-2019.3040

Trust: 0.6

db:AUSCERTid:ESB-2020.4254

Trust: 0.6

db:CS-HELPid:SB2022041520

Trust: 0.6

db:VULHUBid:VHN-123235

Trust: 0.1

sources: VULHUB: VHN-123235 // BID: 106551 // JVNDB: JVNDB-2019-001445 // PACKETSTORM: 153980 // CNNVD: CNNVD-201901-099 // NVD: CVE-2018-1320

REFERENCES

url:https://access.redhat.com/errata/rhsa-2019:2413

Trust: 2.4

url:http://www.securityfocus.com/bid/106551

Trust: 2.3

url:https://support.f5.com/csp/article/k36361684

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.7

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2019/07/24/3

Trust: 1.7

url:https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3cuser.thrift.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3cdevnull.infra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3%40%3cuser.thrift.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f%40%3cdev.storm.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc%40%3cuser.storm.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80%40%3cannounce.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3ccommits.cassandra.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-1320

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1320

Trust: 0.8

url:https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80@%3cannounce.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5@%3ccommits.cassandra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9@%3cdevnull.infra.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f@%3cdev.storm.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc@%3cuser.storm.apache.org%3e

Trust: 0.7

url:https://packetstormsecurity.com/files/153980/red-hat-security-advisory-2019-2413-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3040/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1788

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041520

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4254/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-3/

Trust: 0.6

url:https://issues.apache.org/jira/browse/thrift-4506

Trust: 0.3

url:https://thrift.apache.org/

Trust: 0.3

url:https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-1258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.4.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1320

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10899

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10750

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0192

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8088

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10899

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10750

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-15758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-8088

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0192

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3805

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-15758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3805

Trust: 0.1

sources: VULHUB: VHN-123235 // BID: 106551 // JVNDB: JVNDB-2019-001445 // PACKETSTORM: 153980 // CNNVD: CNNVD-201901-099 // NVD: CVE-2018-1320

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 153980 // CNNVD: CNNVD-201901-099

SOURCES

db:VULHUBid:VHN-123235
db:BIDid:106551
db:JVNDBid:JVNDB-2019-001445
db:PACKETSTORMid:153980
db:CNNVDid:CNNVD-201901-099
db:NVDid:CVE-2018-1320

LAST UPDATE DATE

2024-08-14T13:13:54.821000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-123235date:2020-06-04T00:00:00
db:BIDid:106551date:2019-01-07T00:00:00
db:JVNDBid:JVNDB-2019-001445date:2019-03-06T00:00:00
db:CNNVDid:CNNVD-201901-099date:2023-03-27T00:00:00
db:NVDid:CVE-2018-1320date:2023-11-07T02:55:57.850

SOURCES RELEASE DATE

db:VULHUBid:VHN-123235date:2019-01-07T00:00:00
db:BIDid:106551date:2019-01-07T00:00:00
db:JVNDBid:JVNDB-2019-001445date:2019-03-06T00:00:00
db:PACKETSTORMid:153980date:2019-08-08T14:34:03
db:CNNVDid:CNNVD-201901-099date:2019-01-08T00:00:00
db:NVDid:CVE-2018-1320date:2019-01-07T17:29:00.360