SLF4J 'EventData' Constructor Remote Code Execution Vulnerability

Bugtraq ID: 103737
Class: Input Validation Error
CVE: CVE-2018-8088
Remote: Yes
Local: No
Published: Feb 22 2018 12:00AM
Updated: Apr 18 2019 11:00AM
Credit: Chris McCown
Vulnerable: Redhat Subscription Asset Manager 1
Redhat Software Collections for RHEL 0
Redhat Software Collections 1 for RHEL 7 0
Redhat Software Collections 1 for RHEL 7.3
Redhat JBoss Enterprise Application Platform (for RHEL 7) 7.1
Redhat JBoss Enterprise Application Platform (for RHEL 6) 7.1
Redhat JBoss Enterprise Application Platform 6 for RHEL 7 Server 0
Redhat JBoss Enterprise Application Platform 6 for RHEL 6 Server 0
Redhat JBoss Enterprise Application Platform 6 for RHEL 5 Server 0
Redhat JBoss Enterprise Application Platform (for RHEL 7) 7.0
Redhat JBoss Enterprise Application Platform (for RHEL 7) 6.4
Redhat JBoss Enterprise Application Platform (for RHEL 7) 6.3
Redhat JBoss Enterprise Application Platform (for RHEL 6) 7.0
Redhat JBoss Enterprise Application Platform (for RHEL 6) 6.4
Redhat JBoss Enterprise Application Platform (for RHEL 5) 6.4
Redhat JBoss Enterprise Application Platform 6.4
Redhat Jboss EAP 7.1
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
QOS.ch SLF4J 1.7.25
QOS.ch SLF4J 1.7.24
QOS.ch SLF4J 1.7.23
QOS.ch SLF4J 1.7.22
QOS.ch SLF4J 1.7.21
QOS.ch SLF4J 1.7.20
QOS.ch SLF4J 1.7.19
QOS.ch SLF4J 1.7.18
QOS.ch SLF4J 1.7.16
QOS.ch SLF4J 1.7.15
QOS.ch SLF4J 1.7.10
QOS.ch SLF4J 1.7.5
QOS.ch SLF4J 1.7
Oracle Utilities Framework 4.4.0.0.0
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.4
Oracle Utilities Framework 4.3.0.3.0
Oracle Utilities Framework 4.3.0.2.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Linux 7.0
Oracle Linux 7
Not Vulnerable: QOS.ch SLF4J 1.8.0-Beta2

Copyright 2010, SecurityFocus