1. Home
  2. Vulnerabilities
  3. CVE-2018-1316

CVE-2018-1316

CVSS v3.0 7.5 (High)
75% Progress
CVSS v2.0 6.4 (Medium)
64% Progress
EPSS 0.16 % (53th)
0.16% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Related CVEs
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2018-03-05 14:29:00
(6 years ago)
Updated Date
2023-11-07 02:55:57
(10 months ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Ode above 1.1.1 version and 1.3.2 and prior versions cpe:2.3:a:apache:ode > 1.1.1 <= 1.3.2
  Apache Ode 1.0 Incubating cpe:2.3:a:apache:ode:1.0:incubating
  Apache Ode 1.0 Rc1-incubating cpe:2.3:a:apache:ode:1.0:rc1-incubating
  Apache Ode 1.0 Rc2-incubating cpe:2.3:a:apache:ode:1.0:rc2-incubating
  Apache Ode 1.0 Rc3-incubating cpe:2.3:a:apache:ode:1.0:rc3-incubating
  Apache Ode 1.0 Rc4-incubating cpe:2.3:a:apache:ode:1.0:rc4-incubating
  Apache Ode 1.1 Rc1 cpe:2.3:a:apache:ode:1.1:rc1
  Apache Ode 1.1 Rc2 cpe:2.3:a:apache:ode:1.1:rc2
  Apache Ode 1.1 Rc3 cpe:2.3:a:apache:ode:1.1:rc3
  Apache Ode 1.1 Rc4 cpe:2.3:a:apache:ode:1.1:rc4
  Apache Ode 1.1 Rc5 cpe:2.3:a:apache:ode:1.1:rc5
  Apache Ode 1.1.1 Rc1 cpe:2.3:a:apache:ode:1.1.1:rc1