CVE-2018-8032: CVE-2018-8032

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-8032

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Axis 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Axis是美国阿帕奇（Apache）软件基金会的一个开源、基于XML的Web服务架构，它包含了Java和C++语言实现的SOAP服务器，以及各种公用服务及API，以生成和部署Web服务应用。 Apache Axis 1.x版本至1.4版本中默认的servlet/services存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache Axis	1.x up to and including 1.4	-

II. Public POCs for CVE-2018-8032

#	POC Description	Source Link	Shenlong Link
1	从老外那里下载了该漏洞的修复工程，无奈依赖包实在是太多下不下来，选取其中axis工程打成jar包后发现已成功修复项目的漏洞，有需要的亲可以下载重新打jar包替换即可。 clone后用idea打axis这个jar包即可	https://github.com/cairuojin/CVE-2018-8032	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-8032

Please Login to view more intelligence information

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://issues.apache.org/jira/browse/AXIS-2924x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/11/msg00015.htmlmailing-listx_refsource_MLIST
http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2018-8032

New Vulnerabilities

Product: Apache Axis

Vendor: Apache Software Foundation

V. Comments for CVE-2018-8032

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2018-8032

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-8032

III. Intelligence Information for CVE-2018-8032

New Vulnerabilities

V. Comments for CVE-2018-8032

Leave a comment