CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-17191

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile24.19th
Published2018年12月31日
Last Modified2024年11月21日

Vulnerability Description

Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.

Affected Platforms (CPE)

📦
Apache

Netbeans

= 9.0

References & Advisories

🔗 http://www.securityfocus.com/bid/106352
🔗 https://lists.apache.org/thread.html/d1c37966a316a326ab4ff4d4bc056322e8adcbe984e8145c0ecda7fa%40%3Cdev.netbeans.apache.org%3E
🔗 http://www.securityfocus.com/bid/106352
🔗 https://lists.apache.org/thread.html/d1c37966a316a326ab4ff4d4bc056322e8adcbe984e8145c0ecda7fa%40%3Cdev.netbeans.apache.org%3E

相关漏洞威胁

CVE-2020-119869.8

To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes th...

CVE-2019-175609.1

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an...

CVE-2018-10005427.8

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Poss...

CVE-2019-175617.5

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and i...