CVE-2018-1288
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-1288
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Kafka 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apachee Kafka是美国阿帕奇(Apache)基金会的一套开源的分布式流媒体平台。该平台能够获取实时数据,用于构建对数据流的变化进行实时反应的应用程序。 Apache Kafka中存在信息泄露漏洞。攻击者可通过发送特制的请求(干扰到数据的复制)利用该漏洞造成数据丢失。以下版本受到影响:Apache Kafka 0.9.0.0版本至0.9.0.1版本,0.10.0.0版本至0.10.2.1版本,0.11.0.0版本至0.11.0.2版本,1.0.0版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Kafka | 0.9.0.0 to 0.9.0.1 | - |
II. Public POCs for CVE-2018-1288
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/joegallagher4/CVE-2018-1288- | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-1288
请登录查看更多情报信息。
- https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-1288
IV. Related Vulnerabilities
Same product: Apache Kafka
- CVE-2026-33557
Apache Kafka: Missing JWT token validation in OAUTHBEARER au - CVE-2026-33558
Apache Kafka, Apache Kafka Clients: Information Exposure Thr - CVE-2025-27819
Apache Kafka: Possible RCE/Denial of service attack via SASL - CVE-2025-27818
Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginMod - CVE-2024-56128
Apache Kafka: SCRAM authentication vulnerable to replay atta
Same vendor: Apache Software Foundation
- CVE-2026-45205
Apache Commons Configuration: StackOverflowError for YAML in - CVE-2026-43515
Apache Tomcat: Security constraints not correctly applied - CVE-2026-43514
Apache Tomcat: AJP secret compared in non-constant time - CVE-2026-43513
Apache Tomcat: LockOutRealm treats user names as case-sensit - CVE-2026-43512
Apache Tomcat: Digest authenticator will authenticate any un
V. Comments for CVE-2018-1288
No comments yet