Bug 13703

Summary: [CVE 21] derby 10.13.1.1 CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED DUPLICATE QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: e.kosachev, s.matveev, v.potapov, y.tumanov
Version: All   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2018-1313,
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Yury 2023-10-18 20:00:19 MSK 
Please patch CVEs for package derby version 10.13.1.1
  
INFO (CVEs are): derby 10.13.1.1
 cves found
CVE-2018-1313
Desc: In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-1313
Severity: MEDIUM
Comment 1 Vladimir Potapov 2023-10-20 12:39:23 MSK 

*** This bug has been marked as a duplicate of bug 13513 ***