CVE-2018-8032: XSS
First published: Thu Aug 02 2018(Updated: )
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Axis | >=1.0<=1.4 | |
| Oracle Agile Engineering Data Management | =6.2.1.0 | |
| Oracle Agile Product Lifecycle Management Framework | =9.3.3 | |
| Oracle Application Testing Suite | =13.2.0.1 | |
| Oracle Application Testing Suite | =13.3.0.1 | |
| Oracle Big Data Discovery | =1.6 | |
| Oracle Communications Asap Cartridges | =7.2 | |
| Oracle Communications Asap Cartridges | =7.3 | |
| Oracle Communications Design Studio | =7.3.4.3.0 | |
| Oracle Communications Design Studio | =7.3.5.5.0 | |
| Oracle Communications Design Studio | =7.4.0.4.0 | |
| Oracle Communications Design Studio | =7.4.1.1.0 | |
| Oracle Communications Element Manager | =8.0.0 | |
| Oracle Communications Element Manager | =8.1.0 | |
| Oracle Communications Element Manager | =8.1.1 | |
| Oracle Communications Element Manager | =8.2.0 | |
| Oracle Communications Network Integrity | =7.3.5 | |
| Oracle Communications Network Integrity | =7.3.6 | |
| Oracle Communications Order and Service Management | =7.3.0.0.0 | |
| Oracle Communications Order and Service Management | =7.4 | |
| Oracle Communications Session Report Manager | =8.0.0 | |
| Oracle Communications Session Report Manager | =8.1.0 | |
| Oracle Communications Session Report Manager | =8.1.1 | |
| Oracle Communications Session Report Manager | =8.2.0 | |
| Oracle Communications Session Route Manager | =8.0.0 | |
| Oracle Communications Session Route Manager | =8.1.0 | |
| Oracle Communications Session Route Manager | =8.1.1 | |
| Oracle Communications Session Route Manager | =8.2.0 | |
| Oracle Endeca Information Discovery Studio | =3.2.0 | |
| Oracle Enterprise Manager Base Platform | =12.1.0.5 | |
| Oracle Enterprise Manager Base Platform | =13.3.0.0 | |
| Oracle Enterprise Manager For Fusion Middleware | =12.1.0.5 | |
| Oracle Financial Services Analytical Applications Infrastructure | >=7.3.3<=7.3.5 | |
| Oracle Financial Services Analytical Applications Infrastructure | >=8.0.0<=8.0.8 | |
| Oracle Financial Services Compliance Regulatory Reporting | >=8.0.6<=8.0.8 | |
| Oracle Financial Services Funds Transfer Pricing | >=8.0.2<=8.0.7 | |
| Oracle FLEXCUBE Core Banking | =11.7.0 | |
| Oracle FLEXCUBE Core Banking | =11.8.0 | |
| Oracle FLEXCUBE Core Banking | =11.9.0 | |
| Oracle FLEXCUBE Core Banking | =11.10.0 | |
| Oracle FLEXCUBE Private Banking | =12.0.0 | |
| Oracle FLEXCUBE Private Banking | =12.1.0 | |
| Oracle Hospitality Guest Access | =4.2.0 | |
| Oracle Hospitality Guest Access | =4.2.1 | |
| Oracle Instantis Enterprisetrack | =17.1 | |
| Oracle Instantis Enterprisetrack | =17.2 | |
| Oracle Instantis Enterprisetrack | =17.3 | |
| Oracle Internet Directory | =12.2.1.3.0 | |
| Oracle Internet Directory | =12.2.1.4.0 | |
| Oracle Knowledge | >=8.6.0<=8.6.3 | |
| Oracle Peoplesoft Enterprise Human Capital Management Human Resources | =9.2 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
| Oracle Policy Automation Connector For Siebel | =10.4.6 | |
| Oracle Primavera Gateway | =16.2.11 | |
| Oracle Primavera Gateway | =17.12.6 | |
| Oracle Primavera Unifier | >=17.7<=17.12 | |
| Oracle Primavera Unifier | =16.1 | |
| Oracle Primavera Unifier | =16.2 | |
| Oracle Primavera Unifier | =18.8 | |
| Oracle Primavera Unifier | =19.12 | |
| Oracle Rapid Planning | =12.1 | |
| Oracle Rapid Planning | =12.2 | |
| Oracle Real-time Decision Server | =3.2.1.0 | |
| Oracle Retail Order Broker | =15.0 | |
| Oracle Retail Order Broker | =16.0 | |
| Oracle Retail Order Broker | =18.0 | |
| Oracle Retail Xstore Point of Service | =7.1 | |
| Oracle Secure Global Desktop | =5.4 | |
| Oracle Secure Global Desktop | =5.5 | |
| Oracle Siebel Ui Framework | <=21.0 | |
| Oracle Tuxedo | =12.1.1.0.0 | |
| Oracle Tuxedo | =12.1.3 | |
| Oracle WebCenter Portal | =12.2.1.3.0 | |
| Debian Debian Linux | =9.0 | |
| maven/axis:axis | <=1.4 | |
| maven/org.apache.axis:axis | <=1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E
- https://issues.apache.org/jira/browse/AXIS-2924
- https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b@%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041@%3Cjava-dev.axis.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
- https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://nvd.nist.gov/vuln/detail/CVE-2018-8032
- https://github.com/advisories/GHSA-96jq-75wh-2658 (Advisory)
- https://security.netapp.com/advisory/ntap-20240621-0006
- https://exchange.xforce.ibmcloud.com/vulnerabilities/147823
- https://www.ibm.com/support/pages/node/1146424 (Advisory)
- agent/type
- agent/remedy
- agent/weakness
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-96jq-75wh-2658
- alias/CVE-2018-8032
- agent/severity
- agent/last-modified-date
- agent/event
- collector/nvd-cve
- collector/github-advisory
- agent/references
- agent/softwarecombine
- agent/tags
- collector/ibm-support
- source/IBM
- vendor/apache
- canonical/apache axis
- version/apache axis/1.0
- version/apache axis/1.4
- vendor/oracle
- canonical/oracle agile engineering data management
- version/oracle agile engineering data management/6.2.1.0
- canonical/oracle agile product lifecycle management framework
- version/oracle agile product lifecycle management framework/9.3.3
- canonical/oracle application testing suite
- version/oracle application testing suite/13.2.0.1
- version/oracle application testing suite/13.3.0.1
- canonical/oracle big data discovery
- version/oracle big data discovery/1.6
- canonical/oracle communications asap cartridges
- version/oracle communications asap cartridges/7.2
- version/oracle communications asap cartridges/7.3
- canonical/oracle communications design studio
- version/oracle communications design studio/7.3.4.3.0
- version/oracle communications design studio/7.3.5.5.0
- version/oracle communications design studio/7.4.0.4.0
- version/oracle communications design studio/7.4.1.1.0
- canonical/oracle communications element manager
- version/oracle communications element manager/8.0.0
- version/oracle communications element manager/8.1.0
- version/oracle communications element manager/8.1.1
- version/oracle communications element manager/8.2.0
- canonical/oracle communications network integrity
- version/oracle communications network integrity/7.3.5
- version/oracle communications network integrity/7.3.6
- canonical/oracle communications order and service management
- version/oracle communications order and service management/7.3.0.0.0
- version/oracle communications order and service management/7.4
- canonical/oracle communications session report manager
- version/oracle communications session report manager/8.0.0
- version/oracle communications session report manager/8.1.0
- version/oracle communications session report manager/8.1.1
- version/oracle communications session report manager/8.2.0
- canonical/oracle communications session route manager
- version/oracle communications session route manager/8.0.0
- version/oracle communications session route manager/8.1.0
- version/oracle communications session route manager/8.1.1
- version/oracle communications session route manager/8.2.0
- canonical/oracle endeca information discovery studio
- version/oracle endeca information discovery studio/3.2.0
- canonical/oracle enterprise manager base platform
- version/oracle enterprise manager base platform/12.1.0.5
- version/oracle enterprise manager base platform/13.3.0.0
- canonical/oracle enterprise manager for fusion middleware
- version/oracle enterprise manager for fusion middleware/12.1.0.5
- canonical/oracle financial services analytical applications infrastructure
- version/oracle financial services analytical applications infrastructure/7.3.3
- version/oracle financial services analytical applications infrastructure/7.3.5
- version/oracle financial services analytical applications infrastructure/8.0.0
- version/oracle financial services analytical applications infrastructure/8.0.8
- canonical/oracle financial services compliance regulatory reporting
- version/oracle financial services compliance regulatory reporting/8.0.6
- version/oracle financial services compliance regulatory reporting/8.0.8
- canonical/oracle financial services funds transfer pricing
- version/oracle financial services funds transfer pricing/8.0.2
- version/oracle financial services funds transfer pricing/8.0.7
- canonical/oracle flexcube core banking
- version/oracle flexcube core banking/11.7.0
- version/oracle flexcube core banking/11.8.0
- version/oracle flexcube core banking/11.9.0
- version/oracle flexcube core banking/11.10.0
- canonical/oracle flexcube private banking
- version/oracle flexcube private banking/12.0.0
- version/oracle flexcube private banking/12.1.0
- canonical/oracle hospitality guest access
- version/oracle hospitality guest access/4.2.0
- version/oracle hospitality guest access/4.2.1
- canonical/oracle instantis enterprisetrack
- version/oracle instantis enterprisetrack/17.1
- version/oracle instantis enterprisetrack/17.2
- version/oracle instantis enterprisetrack/17.3
- canonical/oracle internet directory
- version/oracle internet directory/12.2.1.3.0
- version/oracle internet directory/12.2.1.4.0
- canonical/oracle knowledge
- version/oracle knowledge/8.6.0
- version/oracle knowledge/8.6.3
- canonical/oracle peoplesoft enterprise human capital management human resources
- version/oracle peoplesoft enterprise human capital management human resources/9.2
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.56
- version/oracle peoplesoft enterprise peopletools/8.57
- version/oracle peoplesoft enterprise peopletools/8.58
- canonical/oracle policy automation connector for siebel
- version/oracle policy automation connector for siebel/10.4.6
- canonical/oracle primavera gateway
- version/oracle primavera gateway/16.2.11
- version/oracle primavera gateway/17.12.6
- canonical/oracle primavera unifier
- version/oracle primavera unifier/17.7
- version/oracle primavera unifier/17.12
- version/oracle primavera unifier/16.1
- version/oracle primavera unifier/16.2
- version/oracle primavera unifier/18.8
- version/oracle primavera unifier/19.12
- canonical/oracle rapid planning
- version/oracle rapid planning/12.1
- version/oracle rapid planning/12.2
- canonical/oracle real-time decision server
- version/oracle real-time decision server/3.2.1.0
- canonical/oracle retail order broker
- version/oracle retail order broker/15.0
- version/oracle retail order broker/16.0
- version/oracle retail order broker/18.0
- canonical/oracle retail xstore point of service
- version/oracle retail xstore point of service/7.1
- canonical/oracle secure global desktop
- version/oracle secure global desktop/5.4
- version/oracle secure global desktop/5.5
- canonical/oracle siebel ui framework
- version/oracle siebel ui framework/21.0
- canonical/oracle tuxedo
- version/oracle tuxedo/12.1.1.0.0
- version/oracle tuxedo/12.1.3
- canonical/oracle webcenter portal
- version/oracle webcenter portal/12.2.1.3.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/maven