CVE-2018-8032

CWE-79 — Cross-site Scripting (XSS)9 documents7 sources

Severity

6.1MEDIUM

EPSS

2.3%

top 15.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Axis Oracle Financial Services Analytical Applications Infrastructure Oracle Financial Services Compliance Regulatory Reporting +36 more

Timeline

PublishedAug 2

Latest updateOct 16

Description

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages41 packages

▶NVDapache/axis1.0 — 1.4

▶Mavenorg.apache.axis:axis1.4

▶CVEListV5apache_software_foundation/apache_axis1.x up to and including 1.4

▶Debianaxis< 1.4-28+3

▶Mavenaxis:axis1.4

Also affects: Debian Linux 9.0

Patches

Patch: issues.apache.org ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

Moderate severity vulnerability that affects apache axis↗2018-10-16

▶

OSV

Moderate severity vulnerability that affects apache axis↗2018-10-16

▶

OSV

CVE-2018-8032: Apache Axis 1↗2018-08-02

▶

CVEList

CVE-2018-8032: Apache Axis 1↗2018-08-02

▶

📋Vendor Advisories

Red Hat

axis: cross-site scripting (XSS) attack in the default servlet/services↗2018-07-08

▶

Debian

CVE-2018-8032: axis - Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting ...↗2018

▶

💬Community

Bugzilla

CVE-2018-8032 axis: cross-site scripting (XSS) attack in the default servlet/services [fedora-27]↗2018-08-02

▶

Bugzilla

CVE-2018-8032 axis: cross-site scripting (XSS) attack in the default servlet/services↗2018-08-02

▶