Main Vulnerability Database Vulnerabilities #VU13036

#VU13036 Deserialization of untrusted data in Apache Nifi - CVE-2018-1310

Published: May 24, 2018 / Updated: May 29, 2018

Vulnerability identifier: #VU13036

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1310

CWE-ID: CWE-502

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Nifi

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to unsafe deserialization of Java Message Service (JMS) content by an ActiveMQ client affected by the vulnerability identified as CVE-2015-5254. A remote attacker can send a specially crafted request that submits malicious JMS content and cause the affected software to become unresponsive or crash, resulting in a DoS condition.

Remediation

Update to version 1.6.

External links

https://nifi.apache.org/security.html#CVE-2018-1310

#VU13036 Deserialization of untrusted data in Apache Nifi - CVE-2018-1310

Description

Remediation

External links

Please verify you're human