Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2018-10682 | First vendor Publication | 2018-05-09 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 9.8 | ||
| Base Score | 9.8 | Environmental Score | 9.8 |
| impact SubScore | 5.9 | Temporal Score | 9.8 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution. NOTE: the vendor indicates that anonymous access is not available in the default installation; however, it remains optional because there are several use cases for it, including development environments and network architectures that have a proxy server for access control to the WildFly server |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10682 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:11:39 |
|
| 2024-08-05 13:28:00 |
|
| 2024-08-01 17:27:51 |
|
| 2024-07-24 00:27:34 |
|
| 2024-05-17 09:28:35 |
|
| 2024-05-14 21:28:22 |
|
| 2024-04-11 09:28:38 |
|
| 2024-03-21 09:28:40 |
|
| 2023-11-07 21:41:47 |
|
| 2021-05-04 13:07:36 |
|
| 2021-04-22 02:20:37 |
|
| 2020-05-23 01:05:53 |
|
| 2018-06-18 21:19:43 |
|
| 2018-05-16 09:19:32 |
|
| 2018-05-09 17:19:28 |
|
