PT-2018-3243 · Apache+1 · Apache Axis+1

Published

2018-07-08

·

Updated

2024-06-21

·

CVE-2018-8032

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Apache Axis versions 1.x up to and including 1.4
Description The issue exists due to inadequate protection of the web page structure in the Apache Axis platform. This allows a remote attacker to perform cross-site scripting (XSS) attacks.
Recommendations For Apache Axis versions 1.x up to and including 1.4, consider disabling the default servlet/services as a temporary workaround until a patch is available. Restrict access to the vulnerable servlet/services to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2019-04413
CVE-2018-8032
DLA-2821-1
GHSA-96JQ-75WH-2658
MGASA-2018-0431
OPENSUSE-SU-2018_3218-1
OPENSUSE-SU-2024:10646-1
SUSE-SU-2018:3118-1
SUSE-SU-2018:3119-1
SUSE-SU-2018:3121-1
SUSE-SU-2018_3118-1
SUSE-SU-2018_3119-1
SUSE-SU-2018_3121-1

Affected Products

Apache Axis
Suse