National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2018-8009

Change History

Initial Analysis - 1/9/2019 3:00:16 PM

Action Type Old Value New Value
Changed Reference Type
http://www.securityfocus.com/bid/105927 No Types Assigned
http://www.securityfocus.com/bid/105927 Third Party Advisory, VDB Entry
Changed Reference Type
https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop No Types Assigned
https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop Vendor Advisory
Changed Reference Type
https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E No Types Assigned
https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E Third Party Advisory
Changed Reference Type
https://snyk.io/research/zip-slip-vulnerability No Types Assigned
https://snyk.io/research/zip-slip-vulnerability Exploit, Third Party Advisory
Added CWE
CWE-284
Added CVSS V2
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Added CVSS V3
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CPE Configuration
OR
     *cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* versions from (including) 0.23.0 up to (including) 0.23.11
     *cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* versions from (including) 2.0.0 up to (including) 2.7.6
     *cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*
     *cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* versions from (including) 2.8.0 up to (including) 2.8.4
     *cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* versions from (including) 2.9.0 up to (including) 2.9.1
     *cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (including) 3.0.2
     *cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*
     *cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*
     *cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*
     *cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*
     *cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*
     *cpe:2.3:a:apache:hadoop:3.1.0:*:*:*:*:*:*:*