CVE-2018-8032

Description

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

How to fix CVE-2018-8032

To remediate CVE-2018-8032, upgrade the affected package to a fixed version below.

• Debian/axis—upgrade to 1.4-28 or later
• Debian/axis—upgrade to 1.4-25+deb9u1 or later
• —no fix listed
• —no fix listed

Is CVE-2018-8032 being exploited?

Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

• from 0, < 1.4-28
• from 0, < 1.4-25+deb9u1
• from 0, <= 1.4
• from 0, <= 1.4

CVSS scores

References (21)

• ADVISORYgithub.com/advisories/GHSA-96jq-75wh-2658
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-8032
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-8032
• WEBmail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E