CVE-2018-12684 - OpenCVE

Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Civetweb Project	Civetweb

Configuration 1 [-]

cpe:2.3:a:civetweb_project:civetweb:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552	Patch Third Party Advisory
https://github.com/civetweb/civetweb/issues/633	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:22:06

Updated: 2022-10-03T16:22:06

Reserved: 2022-10-03T00:00:00

Link: CVE-2018-12684

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-06-22T19:29:00.267

Modified: 2018-08-10T13:26:35.193

Link: CVE-2018-12684

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:civetweb_project:civetweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8A77DAD-2799-4DB4-8572-4DE74FCF8AC8", "versionEndIncluding": "1.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file."}, {"lang": "es", "value": "Lectura fuera de l\u00edmites en la funci\u00f3n send_ssi_file en civetweb.c en CivetWeb hasta la versi\u00f3n 1.10 permite que los atacantes provoquen una divulgaci\u00f3n de informaci\u00f3n por denegaci\u00f3n de servicio (DoS) mediante un archivo SSI manipulado."}], "id": "CVE-2018-12684", "lastModified": "2018-08-10T13:26:35.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-22T19:29:00.267", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/civetweb/civetweb/issues/633"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}