CVE-2018-8088 (CNNVD-201803-708)
CRITICAL
中文标题:
QOS.CH SLF4J slf4j-ext模块代码问题漏洞
英文标题:
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote att...
CVSS分数:
9.8
发布时间:
2018-03-20 00:00:00
漏洞类型:
代码问题
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
SLF4J是开源的一个库,充当各种日志框架(例如 java.util.logging、logback、log4j)的简单外观或抽象。 SLF4J 1.8.0-beta2之前版本中的slf4j-ext模块的org.slf4j.ext.EventData存在代码问题漏洞。远程攻击者可借助特制的数据利用该漏洞绕过访问限制。
英文描述:
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
CWE类型:
(暂无数据)
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| qos | slf4j | * | - | - |
cpe:2.3:a:qos:slf4j:*:*:*:*:*:*:*:*
|
| qos | slf4j | 1.8.0 | - | - |
cpe:2.3:a:qos:slf4j:1.8.0:alpha1:*:*:*:*:*:*
|
| redhat | jboss_enterprise_application_platform | 7.1 | - | - |
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*
|
| redhat | jboss_enterprise_application_platform | 6.0.0 | - | - |
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
|
| redhat | jboss_enterprise_application_platform | 6.4.0 | - | - |
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
|
| redhat | virtualization | 4.0 | - | - |
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
|
| redhat | virtualization_host | 4.0 | - | - |
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_desktop | 7.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_eus | 7.4 | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_eus | 7.5 | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_eus | 7.6 | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_eus | 7.7 | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server | 7.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_aus | 7.4 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_aus | 7.6 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_aus | 7.7 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_tus | 7.4 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_tus | 7.6 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_server_tus | 7.7 | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
|
| redhat | enterprise_linux_workstation | 7.0 | - | - |
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
|
| oracle | goldengate_application_adapters | 12.3.2.1.0 | - | - |
cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*
|
| oracle | goldengate_stream_analytics | * | - | - |
cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.2.0.2.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.2.0.3.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.3.0.2.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.3.0.2.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.3.0.3.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.3.0.4.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.3.0.4.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.3.0.5.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.3.0.6.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.4.0.0.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
RHSA-2018:1448
vendor-advisory
cve.org
访问
cve.org
1040627
vdb-entry
cve.org
访问
cve.org
RHSA-2018:1449
vendor-advisory
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
RHSA-2018:1248
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1251
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:2143
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1450
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:2669
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1323
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:2420
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:0630
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1525
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1575
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1451
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:0629
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:0628
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:0582
vendor-advisory
cve.org
访问
cve.org
103737
vdb-entry
cve.org
访问
cve.org
RHSA-2018:2419
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1447
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1247
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:0627
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:2930
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:1249
vendor-advisory
cve.org
访问
cve.org
RHSA-2018:0592
vendor-advisory
cve.org
访问
cve.org
[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4
mailing-list
cve.org
访问
cve.org
[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4
mailing-list
cve.org
访问
cve.org
RHSA-2019:2413
vendor-advisory
cve.org
访问
cve.org
RHSA-2019:3140
vendor-advisory
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)
mailing-list
cve.org
访问
cve.org
[hadoop-common-commits] 20200824 [hadoop] branch branch-3.3 updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.
mailing-list
cve.org
访问
cve.org
[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088)
mailing-list
cve.org
访问
cve.org
[hadoop-common-commits] 20200824 [hadoop] branch trunk updated: HADOOP-17220. Upgrade slf4j to 1.7.30 ( To Address: CVE-2018-8088). Contributed by Brahma Reddy Battula.
mailing-list
cve.org
访问
cve.org
[logging-notifications] 20200825 [jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088
mailing-list
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
mailing-list
cve.org
访问
cve.org
[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan
mailing-list
cve.org
访问
cve.org
[iotdb-notifications] 20210325 [jira] [Created] (IOTDB-1258) jcl-over-slf4j have Security Vulnerabilities CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[iotdb-reviews] 20210325 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 closed pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[iotdb-reviews] 20210327 [GitHub] [iotdb] wangchao316 opened a new pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20210327 [jira] [Updated] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[zookeeper-dev] 20210327 [jira] [Created] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20210328 [jira] [Commented] (ZOOKEEPER-4264) Apache Zookeeper 3.6.2 - slf4j 1.7.25 has security vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[iotdb-reviews] 20210328 [GitHub] [iotdb] HTHou merged pull request #2906: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[iotdb-commits] 20210328 [iotdb] branch master updated: [IOTDB-1258] jcl-over-slf4j have security vulnerabilities CVE-2018-8088 (#2906)
mailing-list
cve.org
访问
cve.org
[flink-dev] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[flink-issues] 20210720 [jira] [Created] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[flink-issues] 20210721 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[flink-issues] 20210725 [jira] [Commented] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
[flink-issues] 20210804 [jira] [Closed] (FLINK-23444) Slf4j 1.7.15 has the high-risk vulnerability CVE-2018-8088
mailing-list
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
无标题
OTHER
cve.org
访问
cve.org
CVSS评分详情
9.8
CRITICAL
CVSS向量:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS版本:
3.1
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2018-03-20 00:00:00
修改时间:
2024-08-05 06:46:12
创建时间:
2025-11-11 15:35:22
更新时间:
2025-11-11 15:53:38
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-8088 |
2025-11-11 15:19:54 | 2025-11-11 07:35:22 |
| NVD | nvd_CVE-2018-8088 |
2025-11-11 14:55:53 | 2025-11-11 07:43:56 |
| CNNVD | cnnvd_CNNVD-201803-708 |
2025-11-11 15:09:59 | 2025-11-11 07:53:38 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:53:38
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-201803-708; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 代码问题
- cnnvd_id: 未提取 -> CNNVD-201803-708
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:43:56
severity: SeverityLevel.MEDIUM → SeverityLevel.CRITICAL; cvss_score: 未提取 → 9.8; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 0 → 30; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 0 -> 30
- data_sources: ['cve'] -> ['cve', 'nvd']