CVE-2018-8032

MEDIUM

Apache Axis <1.4 - XSS

Title source: llm

Description

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

Exploits (1)

nomisec WORKING POC

by cairuojin · poc

https://github.com/cairuojin/CVE-2018-8032

View Code ZIP pw:eip

References (15)

[Various Sources] http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E

[Issue Tracking, Patch, Vendor Advisory] https://issues.apache.org/jira/browse/AXIS-2924

[Mailing List] https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html

[Third Party Advisory] https://www.oracle.com/security-alerts/cpuApr2021.html

[Third Party Advisory] https://www.oracle.com/security-alerts/cpuapr2020.html

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuapr2022.html

[Third Party Advisory] https://www.oracle.com/security-alerts/cpujan2020.html

[Third Party Advisory] https://www.oracle.com/security-alerts/cpujan2021.html

[Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2020.html

[Third Party Advisory] https://www.oracle.com/security-alerts/cpuoct2021.html

[Patch, Third Party Advisory] https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20240621-0006/

[Vendor Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 6.1

EPSS 0.0234

EPSS Percentile 84.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (50)

apache/axis 1.0 - 1.4

axis/axis 0Maven

debian/debian_linux 9.0

oracle/agile_engineering_data_management 6.2.1.0

oracle/agile_product_lifecycle_management 9.3.3

oracle/application_testing_suite 13.2.0.1

oracle/application_testing_suite 13.3.0.1

oracle/big_data_discovery 1.6

oracle/communications_asap_cartridges 7.2

oracle/communications_asap_cartridges 7.3

... and 40 more

Published Aug 02, 2018

Tracked Since Feb 18, 2026