Miggo Logo
Miggo Vulnerability Database
CVE-2018-1310

CVE-2018-1310:
Apache NiFi JMS Deserialization issue

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-1310
GHSA ID
GHSA-p76j-5v6v-6c22
EPSS Score
0.8103%
CWE
CWE-502
Published
5/14/2022
Updated
1/30/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.nifi:nifimaven< 1.6.01.6.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from Apache NiFi's use of a pre-5.15.3 ActiveMQ client (CVE-2015-5254), which allows unsafe deserialization via JMS ObjectMessage. The NiFi JMS processors (ConsumeJMS/PublishJMS) are the entry points for processing messages. The ConsumeJMS.onTrigger method drives message consumption, invoking ActiveMQ's deserialization routines. The JMSConsumer.consume method directly interacts with the JMS client to retrieve messages. During exploitation, these functions would appear in runtime profiles when processing malicious JMS content. The patch upgraded the library, implying these functions were the execution path for the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** Ni*i JMS **s*ri*liz*tion issu* ****us* o* **tiv*MQ *li*nt vuln*r**ility. M*li*ious JMS *ont*nt *oul* **us* **ni*l o* s*rvi**. S** **tiv*MQ *V*-****-**** *nnoun**m*nt *or mor* in*orm*tion. T** *ix to up*r*** t** **tiv*mq-*li*nt li*r*ry to *.**.

Reasoning

T** vuln*r**ility st*ms *rom *p**** Ni*i's us* o* * pr*-*.**.* **tiv*MQ *li*nt (*V*-****-****), w*i** *llows uns*** **s*ri*liz*tion vi* JMS O*j**tM*ss***. T** Ni*i JMS pro**ssors (`*onsum*JMS`/`Pu*lis*JMS`) *r* t** *ntry points *or pro**ssin* m*ss***