{"containers":{"cna":{"affected":[{"product":"Eclipse Jetty","vendor":"The Eclipse Foundation","versions":[{"lessThan":"9.4.9","status":"affected","version":"unspecified","versionType":"custom"},{"lessThan":"unspecified","status":"affected","version":"9.4.0","versionType":"custom"}]}],"datePublic":"2018-06-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-6","description":"CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-10-20T21:14:53.000Z","orgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","shortName":"eclipse"},"references":[{"name":"1041194","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1041194"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20181014-0001/"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@eclipse.org","ID":"CVE-2018-12538","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Eclipse Jetty","version":{"version_data":[{"version_affected":"<","version_value":"9.4.9"},{"version_affected":">=","version_value":"9.4.0"}]}}]},"vendor_name":"The Eclipse Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length"}]}]},"references":{"reference_data":[{"name":"1041194","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041194"},{"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","refsource":"MISC","url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"},{"name":"https://www.oracle.com/security-alerts/cpuoct2020.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"name":"https://security.netapp.com/advisory/ntap-20181014-0001/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20181014-0001/"},{"name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018","refsource":"CONFIRM","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T08:38:06.131Z"},"title":"CVE Program Container","references":[{"name":"1041194","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1041194"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20181014-0001/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"}]}]},"cveMetadata":{"assignerOrgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","assignerShortName":"eclipse","cveId":"CVE-2018-12538","datePublished":"2018-06-22T19:00:00.000Z","dateReserved":"2018-06-18T00:00:00.000Z","dateUpdated":"2024-08-05T08:38:06.131Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}