1611835 – (CVE-2018-8032) CVE-2018-8032 axis: cross-site scripting (XSS) attack in the default servlet/services

Bug 1611835 (CVE-2018-8032) - CVE-2018-8032 axis: cross-site scripting (XSS) attack in the default servlet/services

Summary: CVE-2018-8032 axis: cross-site scripting (XSS) attack in the default servlet/...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2018-8032
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1611836 1615958
Blocks:	1611837
TreeView+	depends on / blocked

Reported:	2018-08-02 20:57 UTC by Laura Pardo
Modified:	2019-09-29 14:46 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-10 10:35:07 UTC
Embargoed:

Attachments	(Terms of Use)

Description Laura Pardo 2018-08-02 20:57:28 UTC

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.


References:
https://issues.apache.org/jira/browse/AXIS-2924
http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E

Comment 1 Laura Pardo 2018-08-02 20:58:15 UTC

Created axis tracking bugs for this issue:

Affects: fedora-27 [bug 1611836]

Comment 2 Tomas Hoger 2018-08-07 13:46:40 UTC

Upstream commit:

http://svn.apache.org/viewvc?view=revision&revision=1831943

Note You need to log in before you can comment on or make changes to this bug.