CVE-2018-9159 : In Spark before 2.7.2, a remote attacker can read unintended static files via va

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.

Published 2018-03-31 21:29:00

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2018-9159

Sparkjava » Spark
Versions before (<) 2.7.2
cpe:2.3:a:sparkjava:spark:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-9159

EPSS FAQ

0.76%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 72 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-9159

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2018-9159

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-9159

https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668

Fix for #981, patch 2 (#988) · perwendel/spark@030e9d0 · GitHub
Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2405

RHSA-2018:2405 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://github.com/perwendel/spark/issues/981

Where Can I Report Security Vulnerability? · Issue #981 · perwendel/spark · GitHub
Issue Tracking;Third Party Advisory
https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cd

Fix for #981, patch 2 · perwendel/spark@a221a86 · GitHub
Patch;Third Party Advisory
http://sparkjava.com/news#spark-272-released

News - Spark Framework: An expressive web framework for Kotlin and Java
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2020

RHSA-2018:2020 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc

Fix for #981 · perwendel/spark@ce9e115 · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2018-9159

Products affected by CVE-2018-9159

Exploit prediction scoring system (EPSS) score for CVE-2018-9159

CVSS scores for CVE-2018-9159

CWE ids for CVE-2018-9159

References for CVE-2018-9159