Vulnerabilidad en Apache Axis (CVE-2018-8032)
Gravedad CVSS v3.1:
MEDIA
Tipo:
CWE-79
Neutralización incorrecta de la entrada durante la generación de la página web (Cross-site Scripting)
Fecha de publicación:
02/08/2018
Última modificación:
08/05/2025
Descripción
Apache Axis en versiones 1.x hasta la 1.4 (incluida) es vulnerable a un ataque de Cross-Site Scripting (XSS) en el servlet/services por defecto.
Impacto
Puntuación base 3.x
6.10
Gravedad 3.x
MEDIA
Puntuación base 2.0
4.30
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:* | 1.0 (incluyendo) | 1.4 (incluyendo) |
| cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
- https://issues.apache.org/jira/browse/AXIS-2924
- https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
- https://issues.apache.org/jira/browse/AXIS-2924
- https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html