PT-2018-3243 · Apache+1 · Apache Axis+1

Publicado

2018-07-08

Atualizado

2024-06-21

CVE-2018-8032

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache Axis versions 1.x up to and including 1.4

Description The issue exists due to inadequate protection of the web page structure in the Apache Axis platform. This allows a remote attacker to perform cross-site scripting (XSS) attacks.

Recommendations For Apache Axis versions 1.x up to and including 1.4, consider disabling the default servlet/services as a temporary workaround until a patch is available. Restrict access to the vulnerable servlet/services to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2019-04413

CVE-2018-8032

DLA-2821-1

GHSA-96JQ-75WH-2658

MGASA-2018-0431

OPENSUSE-SU-2018_3218-1

OPENSUSE-SU-2024:10646-1

SUSE-SU-2018:3118-1

SUSE-SU-2018:3119-1

SUSE-SU-2018:3121-1

SUSE-SU-2018_3118-1

SUSE-SU-2018_3119-1

SUSE-SU-2018_3121-1

Produtos afetados

Apache Axis

Suse

PT-2018-3243 · Apache+1 · Apache Axis+1

CVE-2018-8032

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 46