製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache Axis におけるクロスサイトスクリプティングの脆弱性

Title	Apache Axis におけるクロスサイトスクリプティングの脆弱性
Summary	Apache Axis には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 8, 2018, midnight
Registration Date	Oct. 26, 2018, 3:47 p.m.
Last Update	Oct. 26, 2018, 3:47 p.m.

CVSS3.0 : 警告
Score	6.1
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

Apache Software Foundation

Apache Axis 1.4 までの 1.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-8032	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8032
National Vulnerability Database (NVD)
2	CVE-2018-8032	https://nvd.nist.gov/vuln/detail/CVE-2018-8032

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Apache Software Foundation
1	AXIS-2924	https://issues.apache.org/jira/browse/AXIS-2924
Mailing list archives
2	[jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability	http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E

Change Log

No	Changed Details	Date of change
1	[2018年10月26日] 掲載	Oct. 26, 2018, 3:47 p.m.

NVD Vulnerability Information

CVE-2018-8032

Summary	Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Publication Date	Aug. 2, 2018, 10:29 p.m.
Registration Date	Jan. 26, 2021, 10:40 a.m.
Last Update	Nov. 21, 2024, 1:13 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apache:axis::::::::		1.0	1.4

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:::::::*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.3:::::::*
cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:::::::*
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::	17.7	17.12
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	7.3.3	7.3.5
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:::::::*
cpe:2.3:a:oracle:knowledge::::::::	8.6.0	8.6.3
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
cpe:2.3:a:oracle:rapid_planning:12.1:::::::*
cpe:2.3:a:oracle:rapid_planning:12.2:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
cpe:2.3:a:oracle:primavera_gateway:16.2.11:::::::*
cpe:2.3:a:oracle:primavera_gateway:17.12.6:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting::::::::	8.0.6	8.0.8
cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	8.0.0	8.0.8
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::	8.0.2	8.0.7
cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::		21.0
cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:::::::*
cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:9.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
2	http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
3	https://issues.apache.org/jira/browse/AXIS-2924	Issue Tracking Patch Vendor Advisory
4	https://issues.apache.org/jira/browse/AXIS-2924	Issue Tracking Patch Vendor Advisory
5	https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
6	https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
7	https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
8	https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
9	https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html	Mailing List Third Party Advisory
10	https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html	Mailing List Third Party Advisory
11	https://security.netapp.com/advisory/ntap-20240621-0006/
12	https://security.netapp.com/advisory/ntap-20240621-0006/
13	https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
14	https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
15	https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
16	https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
17	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
18	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
19	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
20	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
21	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
22	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
23	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
24	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
25	https://www.oracle.com/security-alerts/cpujul2022.html
26	https://www.oracle.com/security-alerts/cpujul2022.html
27	https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
28	https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
29	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
30	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:::::::*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.3:::::::*
cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:::::::*
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::	17.7	17.12
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	7.3.3	7.3.5
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:::::::*
cpe:2.3:a:oracle:knowledge::::::::	8.6.0	8.6.3
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
cpe:2.3:a:oracle:rapid_planning:12.1:::::::*
cpe:2.3:a:oracle:rapid_planning:12.2:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
cpe:2.3:a:oracle:primavera_gateway:16.2.11:::::::*
cpe:2.3:a:oracle:primavera_gateway:17.12.6:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting::::::::	8.0.6	8.0.8
cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	8.0.0	8.0.8
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::	8.0.2	8.0.7
cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::		21.0
cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:::::::*
cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:::::::*