CVE-2018-8032

Description

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

References

https://issues.apache.org/jira/browse/AXIS-2924

Issue TrackingPatchVendor Advisory

[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability

Mailing ListPatchVendor Advisory

[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability

Mailing ListVendor Advisory

[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability

Mailing ListVendor Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Third Party Advisory

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2021.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Third Party Advisory

[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchThird Party Advisory

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	LOW
AttackComplexity	LOW
Scope	CHANGED
AttackVector	NETWORK
AvailabilityImpact	NONE
IntegrityImpact	LOW
PrivilegesRequired	NONE
BaseScore	6.1
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version	3.1
UserInteraction	REQUIRED

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:M/Au:N/C:N/I:P/A:N
AccessVector	NETWORK
AccessComplexity	MEDIUM
Authentication	NONE
ConfidentialityImpact	NONE
IntegrityImpact	PARTIAL
AvailabilityImpact	NONE
BaseScore	4.300000190734863

Created by Yello

About Severity.io