CVE-2018-8032

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
https://issues.apache.org/jira/browse/AXIS-2924	Issue Tracking Patch Vendor Advisory
https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html	Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
	cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
	cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
	cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
	cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
	cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:::::::*
	cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*
	cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
	cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:::::::*
	cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
	cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:::::::*
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting::::::::
	cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::
	cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
	cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:knowledge::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
	cpe:2.3:a:oracle:primavera_gateway:16.2.11:::::::*
	cpe:2.3:a:oracle:primavera_gateway:17.12.6:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
	cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:rapid_planning:12.1:::::::*
	cpe:2.3:a:oracle:rapid_planning:12.2:::::::*
	cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.3:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:01

Type	Values Removed	Values Added
References	{'url': 'http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E', 'name': '[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E', 'name': '[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E', 'name': '[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}	() http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E - () https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E - () https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E -

25 Jul 2022, 18:15

Type	Values Removed	Values Added
References		(N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

13 Jun 2022, 19:01

Type	Values Removed	Values Added
First Time		Oracle internet Directory
CPE		cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:::::::* cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

30 Nov 2021, 21:59

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:::::::* cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:::::::* cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:::::::* cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:a:oracle:siebel_ui_framework::::::::
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html - Mailing List, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory
References	~~(MISC) https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Third Party Advisory~~	(MISC) https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory

17 Nov 2021, 15:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html -

20 Oct 2021, 11:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

14 Jun 2021, 18:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

15 Mar 2021, 22:30

Type	Values Removed	Values Added
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory
References	~~(N/A) https://www.oracle.com/security-alerts/cpuapr2020.html -~~	(N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory
References	~~(MISC) https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html -~~	(MISC) https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E - Mailing List, Vendor Advisory
References	~~(MLIST) https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E - Mailing List, Vendor Advisory
CPE		cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:::::::* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::* cpe:2.3:a:oracle:primavera_unifier:16.2:::::::* cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::* cpe:2.3:a:oracle:primavera_unifier:18.8:::::::* cpe:2.3:a:oracle:retail_order_broker:18.0:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::* cpe:2.3:a:oracle:primavera_unifier:::::::: cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:::::::* cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting:::::::: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:::::::: cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::* cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::* cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::* cpe:2.3:a:oracle:retail_order_broker:16.0:::::::* cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:::::::* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::* cpe:2.3:a:oracle:primavera_gateway:16.2.11:::::::* cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::* cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::* cpe:2.3:a:oracle:tuxedo:12.1.3:::::::* cpe:2.3:a:oracle:primavera_unifier:19.12:::::::* cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:::::::: cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::* cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::* cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::* cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::* cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::* cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::* cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::* cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::* cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::* cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:::::::* cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::* cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::* cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:::::::* cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::* cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::* cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::* cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::* cpe:2.3:a:oracle:rapid_planning:12.1:::::::* cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::* cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::* cpe:2.3:a:oracle:knowledge:::::::: cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:::::::* cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::* cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:::::::* cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::* cpe:2.3:a:oracle:primavera_gateway:17.12.6:::::::* cpe:2.3:a:oracle:rapid_planning:12.2:::::::* cpe:2.3:a:oracle:big_data_discovery:1.6:::::::* cpe:2.3:a:oracle:retail_order_broker:15.0:::::::* cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::* cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:::::::* cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::* cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::* cpe:2.3:a:oracle:primavera_unifier:16.1:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:::::::* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*

20 Jan 2021, 15:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpujan2021.html -

Information

Published : 2018-08-02 13:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-8032

Mitre link : CVE-2018-8032

CVE.ORG link : CVE-2018-8032

JSON object : View

Products Affected

oracle

enterprise_manager_for_fusion_middleware
flexcube_private_banking
flexcube_core_banking
secure_global_desktop
hospitality_guest_access
enterprise_manager_base_platform
instantis_enterprisetrack
communications_element_manager
communications_asap_cartridges
primavera_gateway
financial_services_funds_transfer_pricing
knowledge
financial_services_analytical_applications_infrastructure
tuxedo
internet_directory
retail_order_broker
financial_services_compliance_regulatory_reporting
endeca_information_discovery_studio
communications_design_studio
peoplesoft_enterprise_human_capital_management_human_resources
webcenter_portal
primavera_unifier
agile_product_lifecycle_management_framework
communications_session_report_manager
communications_order_and_service_management
agile_engineering_data_management
rapid_planning
communications_network_integrity
peoplesoft_enterprise_peopletools
retail_xstore_point_of_service
real-time_decision_server
policy_automation_connector_for_siebel
application_testing_suite
siebel_ui_framework
big_data_discovery
communications_session_route_manager

debian

debian_linux

apache

axis

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-8032

6.1^/10

4.3^/10

Attach tags to `CVE-2018-8032`