Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2018-11788 | First vendor Publication | 2019-01-07 |
Vendor | Cve | Last vendor Modification | 2019-02-12 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
Impact SubScore | 5.9 | Temporal Score | 9.8 |
Exploitability Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. The Apache Karaf XMLInputFactory class doesn't contain any mitigation code against XXE. This is a potential security risk, as a user can inject external XML entities in Apache Karaf versions prior to 4.1.7 or 4.2.2. It has been fixed in the Apache Karaf 4.1.7 and 4.2.2 releases.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11788
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-611 | Information Leak Through XML External Entity File Disclosure |
CPE : Common Platform Enumeration
Sources (Detail)
Source | Url |
---|---|
BID | http://www.securityfocus.com/bid/106479 |
MISC | http://karaf.apache.org/security/cve-2018-11788.txt |
Alert History
Date | Information |
---|---|
2021-05-05 01:28:19 | |
2021-05-04 13:08:02 | |
2021-04-22 02:21:39 | |
2021-03-27 01:24:00 | |
2020-05-23 02:10:36 | |
2020-05-23 01:06:31 | |
2019-02-13 00:19:25 | |
2019-02-07 00:19:07 | |
2019-01-09 17:18:50 | |
2019-01-07 21:19:17 | |