{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2018-8032", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "dateUpdated": "2024-09-16T16:29:01.816Z", "dateReserved": "2018-03-09T00:00:00", "datePublished": "2018-08-02T13:00:00Z"}, "containers": {"cna": {"datePublic": "2018-07-08T00:00:00", "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-06-21T19:08:01.869746"}, "descriptions": [{"lang": "en", "value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Axis", "versions": [{"version": "1.x up to and including 1.4", "status": "affected"}]}], "references": [{"name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability", "tags": ["mailing-list"], "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"}, {"name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"}, {"name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"url": "https://issues.apache.org/jira/browse/AXIS-2924"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Cross-site Scripting"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:46:12.311Z"}, "title": "CVE Program Container", "references": [{"name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability", "tags": ["mailing-list", "x_transferred"], "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"}, {"name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"}, {"name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["x_transferred"]}, {"url": "https://issues.apache.org/jira/browse/AXIS-2924", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*", "matchCriteriaId": "5114D26C-501B-4F51-B12C-D8A4537BEC80", "versionEndIncluding": "1.4", "versionStartIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8C893E4-1D3A-4687-BE5A-D26FFEBCCC78", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4CE3535-FC9D-4FB2-8739-19E7477B07FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "58A06A98-0374-4B56-9045-D939F30BF479", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "313F42E5-1BBB-4773-A153-B114C3FDF701", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC75FE72-6C3F-428E-9C9A-60982455238B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B370B017-2E3B-438B-86B9-EEF70E3A5D3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "63C81E5E-3C53-4731-96C3-0F5767874B11", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED5503EC-63B6-47EB-AE37-14DD317DDDD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A99F85F8-F374-48B0-9534-BB9C07AFE76E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB472856-38AB-4062-B752-E204B177DE72", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36E39918-B2D6-43F0-A607-8FD8BFF6F340", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "14480702-4398-4C28-82A6-E7329FB3B650", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA", "versionEndIncluding": "7.3.5", "versionStartIncluding": "7.3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6E8C634-FC3E-418F-8D7D-B71E1A3E2DBE", "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DDD1A52-5794-4837-847C-E5F073330774", "versionEndIncluding": "8.0.8", "versionStartIncluding": "8.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", "matchCriteriaId": "547D042E-51DE-430D-B4BA-F0698646BC80", "versionEndIncluding": "8.0.7", "versionStartIncluding": "8.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "87416B3B-3B2B-486B-B931-19199EF07000", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1102B6BC-D99E-4AC0-9375-FB8517A4A71F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D22386C-FEC4-4984-8E2A-8FE4796BEFBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "B283B614-9E31-4148-8688-B0672B3A77B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "68F2A706-3250-4026-9498-CB4B38B23CEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7360EC9B-814F-4FF5-AA9D-9E55A380B2C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590", "versionEndIncluding": "8.6.3", "versionStartIncluding": "8.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "344A3A9E-3113-4096-B9F8-CA0AD705242B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "1DFB9704-6B99-4113-8537-E4AE0F791B86", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "2F5647E5-B051-41A6-B186-3584C725908B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD2288B1-FF5E-46BC-8551-4CC6B046A0D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "C2B933E8-DBC4-4443-B837-BA8BAF8CC249", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAC9E8DC-5139-4420-9BD6-0B5F2FA3150E", "versionEndIncluding": "21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BBC28867-E828-4ABC-BE7B-3E5C2E826879", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."}, {"lang": "es", "value": "Apache Axis en versiones 1.x hasta la 1.4 (incluida) es vulnerable a un ataque de Cross-Site Scripting (XSS) en el servlet/services por defecto."}], "id": "CVE-2018-8032", "lastModified": "2025-05-08T18:13:51.353", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-02T13:29:00.363", "references": [{"source": "security@apache.org", "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/AXIS-2924"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"}, {"source": "security@apache.org", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "security@apache.org", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/AXIS-2924"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "axis: cross-site scripting (XSS) attack in the default servlet/services", "id": "1611835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611835"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."], "name": "CVE-2018-8032", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "axis", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "axis", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-eclipse46-axis", "product_name": "Red Hat Software Collections"}], "public_date": "2018-07-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-8032\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8032"], "threat_severity": "Moderate"}

{}