CVE-2018-1316

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1316
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1316.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1316
Aliases
Published
2018-03-05T14:29:00.313Z
Modified
2026-04-11T19:05:12.197569Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

The ODE process deployment web service was sensible to deployment messages with forged names. Using a path for the name was allowing directory traversal, resulting in the potential writing of files under unwanted locations, the overwriting of existing files or their deletion. This issue was addressed in Apache ODE 1.3.3 which was released in 2009, however the incorrect name CVE-2008-2370 was used on the advisory by mistake.

References

Affected packages

Git / github.com/apache/ode

Affected ranges

Type
GIT
Repo
https://github.com/apache/ode
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00e7702f49866171c6d8ce468a1d0192c5eabaa8
Last affected
630a018d2cbb9712544c174a8434cfc55953b382
Last affected
6477197e1508c44a844979f0a490d48a5a080d2e
Last affected
073315bc2fccf5231619fb5e5aabe8e382b1997d
Last affected
833c44769a5c18dc661a5b1f7c21e4e6b146b5d3
Last affected
e188cf3a7d99d07e600852304831d3cb2b16cce3
Last affected
8ede5534ecadc2fe6a2ca8afe73dfac830d73a4e
Last affected
7ce366f41759d4dd96fe9d68ed22ce0880c0423c
Last affected
993a7cb485e04e4093816d94d712173035794319
Last affected
a9ec445ceb4387c47ce16bfd7661b166d06104ac
Last affected
c661421cf0da9bd7bc92bd7c13aa66bd91ef6345
Last affected
3bd444851e05fb7c283f82e467b1a8a20d2a1bf3
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.2"
        },
        {
            "last_affected": "1.0-incubating"
        },
        {
            "last_affected": "1.0-rc1\\-incubating"
        },
        {
            "last_affected": "1.0-rc2\\-incubating"
        },
        {
            "last_affected": "1.0-rc3\\-incubating"
        },
        {
            "last_affected": "1.0-rc4\\-incubating"
        },
        {
            "last_affected": "1.1-rc1"
        },
        {
            "last_affected": "1.1-rc2"
        },
        {
            "last_affected": "1.1-rc3"
        },
        {
            "last_affected": "1.1-rc4"
        },
        {
            "last_affected": "1.1-rc5"
        },
        {
            "last_affected": "1.1.1-rc1"
        }
    ],
    "cpe": [
        "cpe:2.3:a:apache:ode:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.0:incubating:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.0:rc1-incubating:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.0:rc2-incubating:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.0:rc3-incubating:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.0:rc4-incubating:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.1:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.1:rc2:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.1:rc3:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.1:rc4:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.1:rc5:*:*:*:*:*:*",
        "cpe:2.3:a:apache:ode:1.1.1:rc1:*:*:*:*:*:*"
    ]
}

Affected versions

APACHE_ODE_1.*
APACHE_ODE_1.0-INCUBATING
APACHE_ODE_1.0-RC1-INCUBATING
APACHE_ODE_1.0-RC2-INCUBATING
APACHE_ODE_1.0-RC3-INCUBATING
APACHE_ODE_1.0-RC4-INCUBATING
APACHE_ODE_1.1-RC1
APACHE_ODE_1.1-RC2
APACHE_ODE_1.1-RC3
APACHE_ODE_1.1-RC4
APACHE_ODE_1.1-RC5
APACHE_ODE_1.1.1RC1
APACHE_ODE_1.3.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1316.json"