Sign-up

ID

VAR-201808-1040


CVE

CVE-2018-8032


TITLE

Apache Axis Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-008731

DESCRIPTION

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Apache Axis is an open source, XML-based Web service architecture of the Apache Software Foundation in the United States. It includes SOAP servers implemented in Java and C++ languages, as well as various public services and APIs to generate and deploy Web services. application. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Trust: 1.8

sources: NVD: CVE-2018-8032 // JVNDB: JVNDB-2018-008731 // VULHUB: VHN-138064 // VULMON: CVE-2018-8032

AFFECTED PRODUCTS

vendor:oraclemodel:communications asap cartridgesscope:eqversion:7.2

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:lteversion:21.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:agile product lifecycle management frameworkscope:eqversion:9.3.3

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.8.0

Trust: 1.0

vendor:oraclemodel:communications asap cartridgesscope:eqversion:7.3

Trust: 1.0

vendor:oraclemodel:endeca information discovery studioscope:eqversion:3.2.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.0.0

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.0.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.1

Trust: 1.0

vendor:oraclemodel:enterprise manager for fusion middlewarescope:eqversion:12.1.0.5

Trust: 1.0

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.1

Trust: 1.0

vendor:oraclemodel:webcenter portalscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:policy automation connector for siebelscope:eqversion:10.4.6

Trust: 1.0

vendor:oraclemodel:secure global desktopscope:eqversion:5.5

Trust: 1.0

vendor:apachemodel:axisscope:gteversion:1.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:oraclemodel:secure global desktopscope:eqversion:5.4

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:communications design studioscope:eqversion:7.3.4.3.0

Trust: 1.0

vendor:oraclemodel:financial services funds transfer pricingscope:gteversion:8.0.2

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:7.3.5

Trust: 1.0

vendor:oraclemodel:communications network integrityscope:eqversion:7.3.5

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.7

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.1.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:16.2.11

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.1

Trust: 1.0

vendor:oraclemodel:retail xstore point of servicescope:eqversion:7.1

Trust: 1.0

vendor:oraclemodel:tuxedoscope:eqversion:12.1.1.0.0

Trust: 1.0

vendor:oraclemodel:tuxedoscope:eqversion:12.1.3

Trust: 1.0

vendor:oraclemodel:knowledgescope:gteversion:8.6.0

Trust: 1.0

vendor:oraclemodel:communications order and service managementscope:eqversion:7.3.0.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise human capital management human resourcesscope:eqversion:9.2

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.0.8

Trust: 1.0

vendor:oraclemodel:financial services funds transfer pricingscope:lteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.0.0

Trust: 1.0

vendor:oraclemodel:agile engineering data managementscope:eqversion:6.2.1.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.1.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.56

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:oraclemodel:big data discoveryscope:eqversion:1.6

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.2

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:apachemodel:axisscope:lteversion:1.4

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.1.0

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.10.0

Trust: 1.0

vendor:oraclemodel:real-time decision serverscope:eqversion:3.2.1.0

Trust: 1.0

vendor:oraclemodel:internet directoryscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:internet directoryscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.2.0.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:16.2

Trust: 1.0

vendor:oraclemodel:communications order and service managementscope:eqversion:7.4

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:12.1.0.5

Trust: 1.0

vendor:oraclemodel:communications design studioscope:eqversion:7.3.5.5.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:7.3.3

Trust: 1.0

vendor:oraclemodel:financial services compliance regulatory reportingscope:lteversion:8.0.8

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:eqversion:17.12.6

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.1.0

Trust: 1.0

vendor:oraclemodel:communications design studioscope:eqversion:7.4.1.1.0

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:communications design studioscope:eqversion:7.4.0.4.0

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.0.0

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.7.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:flexcube core bankingscope:eqversion:11.9.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:financial services compliance regulatory reportingscope:gteversion:8.0.6

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.3.0.0

Trust: 1.0

vendor:oraclemodel:knowledgescope:lteversion:8.6.3

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:communications network integrityscope:eqversion:7.3.6

Trust: 1.0

vendor:apachemodel:axisscope:eqversion:1.4 for up to 1.x

Trust: 0.8

vendor:apachemodel:axisscope:eqversion:1.2

Trust: 0.6

vendor:apachemodel:axisscope:eqversion:1.1

Trust: 0.6

vendor:apachemodel:axisscope:eqversion:1.0

Trust: 0.6

sources: JVNDB: JVNDB-2018-008731 // CNNVD: CNNVD-201808-082 // NVD: CVE-2018-8032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8032
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-8032
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201808-082
value: MEDIUM

Trust: 0.6

VULHUB: VHN-138064
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-8032
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-8032
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-138064
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8032
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2018-8032
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-138064 // VULMON: CVE-2018-8032 // JVNDB: JVNDB-2018-008731 // CNNVD: CNNVD-201808-082 // NVD: CVE-2018-8032

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-138064 // JVNDB: JVNDB-2018-008731 // NVD: CVE-2018-8032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-082

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201808-082

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008731

PATCH
title:AXIS-2924url:https://issues.apache.org/jira/browse/AXIS-2924
Trust: 0.8
title:[jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerabilityurl:http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E
Trust: 0.8
title:Apache Axis Fixes for cross-site scripting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=82812
Trust: 0.6
title:Debian CVElist Bug Report Logs: axis: CVE-2018-8032: cross-site scripting (XSS) attack in the default servlet/servicesurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=468f0b8a0724ba487c205868e0aa4a1a
Trust: 0.1
title: - url:https://github.com/khulnasoft-labs/awesome-security 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub 
Trust: 0.1
title:CVE-POCurl:https://github.com/0xT11/CVE-POC 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-8032 // 
            
            
            
            JVNDB: JVNDB-2018-008731 // 
            
            
            
            CNNVD: CNNVD-201808-082

EXTERNAL IDS
db:NVDid:CVE-2018-8032
Trust: 2.6
db:JVNDBid:JVNDB-2018-008731
Trust: 0.8
db:CNNVDid:CNNVD-201808-082
Trust: 0.7
db:AUSCERTid:ESB-2023.3781
Trust: 0.6
db:AUSCERTid:ESB-2021.3943
Trust: 0.6
db:VULHUBid:VHN-138064
Trust: 0.1
db:VULMONid:CVE-2018-8032
Trust: 0.1
sources:
            
            
            VULHUB: VHN-138064 // 
            
            
            
            VULMON: CVE-2018-8032 // 
            
            
            
            JVNDB: JVNDB-2018-008731 // 
            
            
            
            CNNVD: CNNVD-201808-082 // 
            
            
            
            NVD: CVE-2018-8032

REFERENCES
url:https://issues.apache.org/jira/browse/axis-2924
Trust: 1.8
url:https://www.oracle.com/security-alerts/cpuapr2021.html
Trust: 1.8
url:https://www.oracle.com/security-alerts/cpuapr2020.html
Trust: 1.8
url:https://www.oracle.com/security-alerts/cpuapr2022.html
Trust: 1.8
url:https://www.oracle.com/security-alerts/cpujan2020.html
Trust: 1.8
url:https://www.oracle.com/security-alerts/cpujan2021.html
Trust: 1.8
url:https://www.oracle.com/security-alerts/cpujul2020.html
Trust: 1.8
url:https://www.oracle.com/security-alerts/cpujul2022.html
Trust: 1.8
url:https://www.oracle.com/security-alerts/cpuoct2021.html
Trust: 1.8
url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Trust: 1.8
url:https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
Trust: 1.8
url:http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3cjira.13170716.1531060536000.93536.1531060560060%40atlassian.jira%3e
Trust: 1.0
url:https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3cjava-dev.axis.apache.org%3e
Trust: 1.0
url:https://security.netapp.com/advisory/ntap-20240621-0006/
Trust: 1.0
url:https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3cjava-dev.axis.apache.org%3e
Trust: 1.0
url:http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3cjira.13170716.1531060536000.93536.1531060560060@atlassian.jira%3e
Trust: 0.8
url:https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3cjava-dev.axis.apache.org%3e
Trust: 0.8
url:https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3cjava-dev.axis.apache.org%3e
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8032
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8032
Trust: 0.8
url:https://www.ibm.com/support/pages/node/1146424
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2023.3781
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-found-in-axis-jar-v1-x-may-affect-ibm-content-collector-for-sap-applications/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.3943
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905328
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=58641
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/nomi-sec/poc-in-github
Trust: 0.1
sources:
            
            
            VULHUB: VHN-138064 // 
            
            
            
            VULMON: CVE-2018-8032 // 
            
            
            
            JVNDB: JVNDB-2018-008731 // 
            
            
            
            CNNVD: CNNVD-201808-082 // 
            
            
            
            NVD: CVE-2018-8032

SOURCES
db:VULHUBid:VHN-138064
db:VULMONid:CVE-2018-8032
db:JVNDBid:JVNDB-2018-008731
db:CNNVDid:CNNVD-201808-082
db:NVDid:CVE-2018-8032

LAST UPDATE DATE
2024-11-23T20:57:52.403000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-138064date:2021-11-17T00:00:00
db:VULMONid:CVE-2018-8032date:2022-07-25T00:00:00
db:JVNDBid:JVNDB-2018-008731date:2018-10-26T00:00:00
db:CNNVDid:CNNVD-201808-082date:2023-07-04T00:00:00
db:NVDid:CVE-2018-8032date:2024-11-21T04:13:08.053

SOURCES RELEASE DATE
db:VULHUBid:VHN-138064date:2018-08-02T00:00:00
db:VULMONid:CVE-2018-8032date:2018-08-02T00:00:00
db:JVNDBid:JVNDB-2018-008731date:2018-10-26T00:00:00
db:CNNVDid:CNNVD-201808-082date:2018-08-03T00:00:00
db:NVDid:CVE-2018-8032date:2018-08-02T13:29:00.363