CVE-2018-8929

Beschreibung:
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.

CWE: CWE-417 CWE-915

CVSS-Bewertung
CVSS 2: MEDIUM – 6.8 (Version: 2.0)
CVSS 3: HIGH – 8.1 (Version: 3.0)

Links:

NVD – CVE-2018-8929
CVE – CVE-2018-8929

Link (max. 20) Quelle Tags
https://www.synology.com/en-global/support/security/Synology_SA_18_19 CONFIRM Vendor Advisory Third Party Advisory Third Party Advisory
https://security.netapp.com/advisory/ntap-20190327-0006/ CONFIRM Third Party Advisory Third Party Advisory
https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387 CONFIRM Patch Third Party Advisory
[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update MLIST Mailing List Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html CONFIRM Patch Third Party Advisory
RHSA-2019:0365 REDHAT Third Party Advisory Third Party Advisory
RHSA-2019:0364 REDHAT Third Party Advisory Third Party Advisory
RHSA-2019:0362 REDHAT Third Party Advisory Third Party Advisory
RHSA-2019:0380 REDHAT Third Party Advisory Patch Third Party Advisory
RHSA-2019:1162 REDHAT Third Party Advisory Patch Third Party Advisory
RHSA-2019:1161 REDHAT Third Party Advisory Third Party Advisory
RHSA-2019:1160 REDHAT Third Party Advisory
RHSA-2019:1159 REDHAT Third Party Advisory
https://security.netapp.com/advisory/ntap-20190530-0001/ CONFIRM Third Party Advisory
[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8) MLIST Mailing List Third Party Advisory
[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8) MLIST Mailing List Third Party Advisory
[maven-commits] 20190531 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year MLIST Mailing List Patch Third Party Advisory
[maven-commits] 20190601 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year MLIST Mailing List Patch Third Party Advisory
[maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8) MLIST Mailing List Third Party Advisory
[maven-commits] 20190604 [maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year MLIST Mailing List Patch Third Party Advisory

Quelle: NVD – CVE-2018-8929
Datum Veröffentlichung: 2018-07-06T12:29Z, Datum letzte Änderung: 2021-05-12T14:15Z