Vulnerabilities > CVE-2018-17191 - Unspecified vulnerability in Apache Netbeans 9.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://www.securityfocus.com/bid/106352
- http://www.securityfocus.com/bid/106352
- https://lists.apache.org/thread.html/d1c37966a316a326ab4ff4d4bc056322e8adcbe984e8145c0ecda7fa%40%3Cdev.netbeans.apache.org%3E
- https://lists.apache.org/thread.html/d1c37966a316a326ab4ff4d4bc056322e8adcbe984e8145c0ecda7fa%40%3Cdev.netbeans.apache.org%3E