CVE-2018-1000129

Опубликовано: 14 мар. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

Ссылки

https://access.redhat.com/errata/RHSA-2018:2669
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3817
Third Party Advisory
https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
Patch
Third Party Advisory
https://jolokia.org/#Security_fixes_with_1.5.0
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2669
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3817
Third Party Advisory
https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad
Patch
Third Party Advisory
https://jolokia.org/#Security_fixes_with_1.5.0
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jolokia:jolokia:1.3.7:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.67423

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-1000129

CVSS3: 6.1

redhat

почти 8 лет назад

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

GHSA-hfpg-gqjw-779m

CVSS3: 6.1

github

больше 3 лет назад

Cross-site Scripting in Jolokia agent

EPSS

Процентиль: 99%

0.67423

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79