CVE-2019-10158

Опубликовано: 02 янв. 2020

Источник: nvd

CVSS3: 5.4

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158
Issue Tracking
Patch
Third Party Advisory
https://github.com/infinispan/infinispan/pull/6960
Third Party Advisory
https://github.com/infinispan/infinispan/pull/7025
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231227-0009/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158
Issue Tracking
Patch
Third Party Advisory
https://github.com/infinispan/infinispan/pull/6960
Third Party Advisory
https://github.com/infinispan/infinispan/pull/7025
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231227-0009/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*

Версия до 9.4.14 (включая)

Конфигурация 2

cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00509

Низкий

5.4 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-384

Связанные уязвимости

CVE-2019-10158

CVSS3: 5.4

redhat

больше 6 лет назад

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

GHSA-6x3v-rw2q-9gx7

CVSS3: 9.8

github

около 6 лет назад

Improper implementation of the session fixation protection in Infinispan

EPSS

Процентиль: 66%

0.00509

Низкий

5.4 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-384