CVE-2018-8088

Published: Mar 20, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

Affected (33)

Products: Qos: Slf4j · Redhat: Jboss Enterprise Application Platform, Virtualization, Virtualization Host, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Enterprise Linux Workstation · Oracle: Goldengate Application Adapters, Goldengate Stream Analytics, Utilities Framework

Qos

1 product

Slf4j

Redhat

9 products

Jboss Enterprise Application Platform

Virtualization

Virtualization Host

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Oracle

3 products

Goldengate Application Adapters

Goldengate Stream Analytics

Utilities Framework

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Qos Slf4j	Before 1.7.26
Qos Slf4j	Version 1.8.0 alpha1
Qos Slf4j	Version 1.8.0 alpha2
Qos Slf4j	Version 1.8.0 beta1
Qos Slf4j	Version 1.8.0 beta2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 7.1

Configuration C

2 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 6.0.0
Redhat Jboss Enterprise Application Platform	Version 6.4.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Virtualization	Version 4.0
Redhat Virtualization Host	Version 4.0

Configuration E

13 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.4
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Eus	Version 7.6
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.4
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 7.0

Configuration F

10 vulnerable

Vulnerable Software	Affected Versions
Oracle Goldengate Application Adapters	Version 12.3.2.1.0
Oracle Goldengate Stream Analytics	Before 19.1.0.0.1
Oracle Utilities Framework	Version 4.2.0.2.0
Oracle Utilities Framework	Version 4.2.0.3.0
Oracle Utilities Framework	Version 4.3.0.2.0
Oracle Utilities Framework	Version 4.3.0.3.0
Oracle Utilities Framework	Version 4.3.0.4.0
Oracle Utilities Framework	Version 4.3.0.5.0
Oracle Utilities Framework	Version 4.3.0.6.0
Oracle Utilities Framework	Version 4.4.0.0.0

References (126)

http://www.securityfocus.com/bid/103737

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040627

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:0582

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0592

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0627

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0628

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0629

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0630

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1247

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1248

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1249

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1251

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1323

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1447

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1448

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1449

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1450

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1451

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1525

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1575

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2143

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2419

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2420

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2669

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2930

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2413

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3140

Source: cve@mitre.org

Third Party Advisory

https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405

Source: cve@mitre.org

PatchThird Party Advisory

https://jira.qos.ch/browse/SLF4J-430

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://jira.qos.ch/browse/SLF4J-431

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20231227-0010/

Source: cve@mitre.org

https://www.oracle.com/security-alerts/cpujul2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: cve@mitre.org

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: cve@mitre.org

PatchThird Party Advisory

https://www.slf4j.org/news.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/103737