CVE-2018-18249
published 2018-12-17CVE-2018-18249: Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the…
PriorityP345critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.49%
70.9th percentile
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | icingaweb2 | < icingaweb2 2.6.2-1 (bookworm) | icingaweb2 2.6.2-1 (bookworm) |
| icinga | icinga_web_2 | < 2.6.2 | 2.6.2 |
| icinga | icingaweb2 | >= 0 < 2.6.2-1 | 2.6.2-1 |
| icinga | icingaweb2 | >= 0 < 2.6.2-1 | 2.6.2-1 |
| icinga | icingaweb2 | >= 0 < 2.6.2-1 | 2.6.2-1 |
| icinga | icingaweb2 | >= 0 < 2.6.2-1 | 2.6.2-1 |
| linux | linux_kernel | >= 0 < 4.4.0-145.171 | 4.4.0-145.171 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h88r-wm6r-9ghp: Icinga Web 2 before 2
ghsa_unreviewed·2022-05-13
CVE-2018-18249 [CRITICAL] CWE-94 GHSA-h88r-wm6r-9ghp: Icinga Web 2 before 2
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
osv·2019-04-02·CVSS 7.0
CVE-2017-18249 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a race condition existed in the f2fs file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service. (CVE-2017-18249)
Wen Xu discovered that the f2fs file system implementation in the Linux
kernel did not properly validate metadata. An attacker could use this to
construct a malicious f2fs image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100,
CVE-2018-14614, CVE-2018-14616)
Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation
in the Linux kernel did not properly validate metadata. An attacker could
use this to construct a malicious btrfs image that, when mo
OSV
linux-lts-xenial, linux-aws vulnerabilities
osv·2019-04-02·CVSS 7.0
CVE-2017-18249 linux-lts-xenial, linux-aws vulnerabilities
linux-lts-xenial, linux-aws vulnerabilities
USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that a race condition existed in the f2fs file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service. (CVE-2017-18249)
Wen Xu discovered that the f2fs file system implementation in the Linux
kernel did not properly validate metadata. An attacker could use this to
construct a malicious f2fs image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100,
CVE-2018-14614, CVE-2018-14616)
Wen Xu and Po-Ning Tseng
OSV
CVE-2018-18249: Icinga Web 2 before 2
osv·2018-12-17·CVSS 9.8
CVE-2018-18249 [CRITICAL] CVE-2018-18249: Icinga Web 2 before 2
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.
Debian
CVE-2018-18249: icingaweb2 - Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vector...
vendor_debian·2018·CVSS 9.8
CVE-2018-18249 [CRITICAL] CVE-2018-18249: icingaweb2 - Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vector...
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.
Scope: local
bookworm: resolved (fixed in 2.6.2-1)
bullseye: resolved (fixed in 2.6.2-1)
forky: resolved (fixed in 2.6.2-1)
sid: resolved (fixed in 2.6.2-1)
trixie: resolved (fixed in 2.6.2-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-12-17
Published