Search for vulnerabilities
Vulnerability details: VCID-wu7y-2jwh-aaaf
Vulnerability ID VCID-wu7y-2jwh-aaaf
Aliases CVE-2018-1295
GHSA-chp4-rv79-68j3
Summary Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-502 Deserialization of Untrusted Data
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2018:2405
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1295.json
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.01910 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.05110 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.05110 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.05110 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.05110 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.06879 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
epss 0.13342 https://api.first.org/data/v1/epss?cve=CVE-2018-1295
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1563133
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-chp4-rv79-68j3
cvssv3.1 9.8 https://github.com/apache/ignite
generic_textual CRITICAL https://github.com/apache/ignite
cvssv3.1 9.8 https://lists.apache.org/thread.html/45e7d5e2c6face85aab693f5ae0616563132ff757e5a558da80d0209@%3Cdev.ignite.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/45e7d5e2c6face85aab693f5ae0616563132ff757e5a558da80d0209@%3Cdev.ignite.apache.org%3E
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-1295
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-1295
cvssv3.1 9.8 https://web.archive.org/web/20200227125559/http://www.securityfocus.com/bid/103692
generic_textual CRITICAL https://web.archive.org/web/20200227125559/http://www.securityfocus.com/bid/103692
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1295.json
https://api.first.org/data/v1/epss?cve=CVE-2018-1295
https://github.com/apache/ignite
https://github.com/apache/ignite/commit/340569b8f4e14a4cb61a9407ed2d9aa4a20bdf49
https://lists.apache.org/thread.html/45e7d5e2c6face85aab693f5ae0616563132ff757e5a558da80d0209@%3Cdev.ignite.apache.org%3E
https://lists.apache.org/thread.html/45e7d5e2c6face85aab693f5ae0616563132ff757e5a558da80d0209%40%3Cdev.ignite.apache.org%3E
https://web.archive.org/web/20200227125559/http://www.securityfocus.com/bid/103692
http://www.securityfocus.com/bid/103692
1563133 https://bugzilla.redhat.com/show_bug.cgi?id=1563133
cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*
CVE-2018-1295 https://nvd.nist.gov/vuln/detail/CVE-2018-1295
GHSA-chp4-rv79-68j3 https://github.com/advisories/GHSA-chp4-rv79-68j3
RHSA-2018:2405 https://access.redhat.com/errata/RHSA-2018:2405
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1295.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/ignite
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/45e7d5e2c6face85aab693f5ae0616563132ff757e5a558da80d0209@%3Cdev.ignite.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1295
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-1295
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20200227125559/http://www.securityfocus.com/bid/103692
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.88921
EPSS Score 0.01910
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.