CVE-2018-12538

{"id": "CVE-2018-12538", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-06-22T19:29:00.220", "references": [{"url": "http://www.securitytracker.com/id/1041194", "tags": ["Third Party Advisory", "VDB Entry"], "source": "emo@eclipse.org"}, {"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://security.netapp.com/advisory/ntap-20181014-0001/", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "source": "emo@eclipse.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-6"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore."}, {"lang": "es", "value": "En Eclipse Jetty, desde la versi\u00f3n 9.4.0 hasta la 9.4.8, al emplear el FileSessionDataStore opcional provisto por Jetty para el almacenamiento persistente de detalles HttpSession, es posible que un usuario malicioso acceda/secuestre otras HttpSessions e incluso elimine HttpSessions sin coincidencias presentes en el almacenamiento FileSystem para FileSessionDataStore."}], "lastModified": "2023-11-07T02:52:20.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AC29420-F772-43D0-89AE-2071F4838B2E", "versionEndIncluding": "9.4.8", "versionStartIncluding": "9.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B49859-49F0-439B-AEF8-79EF71DA0D73"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52", "versionEndIncluding": "11.40", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41"}, {"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63"}, {"criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC"}, {"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34B80C9D-62AA-42FA-AB46-F8A414FCBE5E", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370"}, {"criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "912520F1-3717-457F-9F05-88BDAB3E5DF9"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}