正文

Oracle Retail Xstore Point of Service 17 Xstore Services 拒绝服务漏洞

admin
admin V管理员 /0 评论 /23 阅读
0424
此篇文章发布距今已超过1150天,您需要注意文章的内容或图片是否可用!

CVE编号

CVE-2018-10237

利用情况

暂无

补丁情况

官方补丁

披露时间

2018-04-27
漏洞描述
Google Guava是美国谷歌(Google)公司开发的一款包括图形库、函数类型、I/O和字符串处理等的Java核心库。
Google Guava 11.0版本至24.1.1版本(不包括24.1.1版本)中存在安全漏洞,该漏洞源于程序未能正确的检测客户端发送的内容及数据大小是否合理。远程攻击者可利用该漏洞造成拒绝服务。
解决建议
厂商已发布漏洞修复程序,请及时关注更新:
https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion
参考链接
http://www.securitytracker.com/id/1041707
https://access.redhat.com/errata/RHSA-2018:2423
https://access.redhat.com/errata/RHSA-2018:2424
https://access.redhat.com/errata/RHSA-2018:2425
https://access.redhat.com/errata/RHSA-2018:2428
https://access.redhat.com/errata/RHSA-2018:2598
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2018:2927
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932...
https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49...
https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4...
https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f3452...
https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42a...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d...
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a...
https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc...
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34...
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fa...
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d...
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d...
https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a...
https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa4...
https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a53...
https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47...
https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50...
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e...
https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b927765...
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328c...
https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e...
https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0...
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a056...
https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b6...
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9...
https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94a...
https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d8...
https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e43...
https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe1...
https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b7...
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce637...
https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c...
https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05...
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 google guava * From
(including)
11.0 		Up to
(excluding)
24.1.1
运行在以下环境
应用 redhat jboss_enterprise_application_platform 6.0.0 -
运行在以下环境
应用 redhat jboss_enterprise_application_platform 6.4.0 -
运行在以下环境
应用 redhat jboss_enterprise_application_platform 7.1.0 -
运行在以下环境
应用 redhat openstack 13.0 -
运行在以下环境
应用 redhat satellite 6.4 -
运行在以下环境
应用 redhat virtualization 4.2 -
运行在以下环境
应用 redhat virtualization_host 4.0 -
运行在以下环境
系统 fedora_26 guava * Up to
(excluding)
18.0-12.fc26
运行在以下环境
系统 fedora_26 guava-javadoc * Up to
(excluding)
18.0-12.fc26
运行在以下环境
系统 fedora_26 guava-testlib * Up to
(excluding)
18.0-12.fc26
运行在以下环境
系统 fedora_27 guava * Up to
(excluding)
18.0-12.fc27
运行在以下环境
系统 fedora_27 guava-javadoc * Up to
(excluding)
18.0-12.fc27
运行在以下环境
系统 fedora_27 guava-testlib * Up to
(excluding)
18.0-12.fc27
运行在以下环境
系统 fedora_28 guava * Up to
(excluding)
24.0-3.fc28
运行在以下环境
系统 fedora_28 guava-javadoc * Up to
(excluding)
24.0-3.fc28
运行在以下环境
系统 fedora_28 guava-testlib * Up to
(excluding)
24.0-3.fc28
阿里云评分 2.7
  • 攻击路径 远程
  • 攻击复杂度 困难
  • 权限要求 无需权限
  • 影响范围 有限影响
  • EXP成熟度 未验证
  • 补丁情况 官方补丁
  • 数据保密性 无影响
  • 数据完整性 无影响
  • 服务器危害 无影响
  • 全网数量 100
CWE-ID 漏洞类型 CWE-502 可信数据的反序列化 CWE-770 不加限制或调节的资源分配