
{
"id": "CVE-2018-1306",
"sourceIdentifier": "security@apache.org",
"published": "2018-06-27T18:29:00.553",
"lastModified": "2024-11-21T03:59:35.460",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information."
},
{
"lang": "es",
"value": "El c\u00f3digo del archivo war Multipart Portlet PortletV3AnnotatedDemo proporcionado en Apache Pluto 3.0.0 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n sensible. Esto viene provocado por un error al restringir la informaci\u00f3n de ruta proporcionada durante una subida de archivo. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener datos de configuraci\u00f3n y otro tipo de informaci\u00f3n sensible."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pluto:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31F6CCD7-D29C-4C90-9229-8D34DC721208"
}
]
}
]
}
],
"references": [
{
"url": "http://portals.apache.org/pluto/security.html",
"source": "security@apache.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/45396/",
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://portals.apache.org/pluto/security.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.exploit-db.com/exploits/45396/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}