CVE-2018-8032
Description
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Related CPE's
References
Issue TrackingPatchVendor Advisory
Mailing ListPatchVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
PatchThird Party Advisory
Third Party Advisory
Third Party Advisory
Third Party Advisory
Third Party Advisory
Third Party Advisory
Third Party Advisory
Mailing ListThird Party Advisory
PatchThird Party Advisory
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | LOW |
AttackComplexity | LOW |
Scope | CHANGED |
AttackVector | NETWORK |
AvailabilityImpact | NONE |
IntegrityImpact | LOW |
PrivilegesRequired | NONE |
BaseScore | 6.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Version | 3.1 |
UserInteraction | REQUIRED |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:N/C:N/I:P/A:N |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | NONE |
ConfidentialityImpact | NONE |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 4.300000190734863 |