CVE-2018-8032
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
02/08/2018
Last modified:
08/05/2025
Description
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:* | 1.0 (including) | 1.4 (including) |
| cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
- https://issues.apache.org/jira/browse/AXIS-2924
- https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
- https://issues.apache.org/jira/browse/AXIS-2924
- https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html