製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache Axis におけるクロスサイトスクリプティングの脆弱性

タイトル	Apache Axis におけるクロスサイトスクリプティングの脆弱性
概要	Apache Axis には、クロスサイトスクリプティングの脆弱性が存在します。
想定される影響	情報を取得される、および情報を改ざんされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2018年7月8日0:00
登録日	2018年10月26日15:47
最終更新日	2018年10月26日15:47

CVSS3.0 : 警告
スコア	6.1
ベクター	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2.0 : 警告
スコア	4.3
ベクター	AV:N/AC:M/Au:N/C:N/I:P/A:N

影響を受けるシステム

Apache Software Foundation

Apache Axis 1.4 までの 1.x

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-8032	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8032
National Vulnerability Database (NVD)
2	CVE-2018-8032	https://nvd.nist.gov/vuln/detail/CVE-2018-8032

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	名前	URL
Apache Software Foundation
1	AXIS-2924	https://issues.apache.org/jira/browse/AXIS-2924
Mailing list archives
2	[jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability	http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E

変更履歴

No	変更内容	変更日
1	[2018年10月26日] 掲載	2018年10月26日15:47

NVD脆弱性情報

CVE-2018-8032

概要	Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
公表日	2018年8月2日22:29
登録日	2021年1月26日10:40
最終更新日	2024年11月21日13:13

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:apache:axis::::::::		1.0	1.4

構成2	以上	以下	より上	未満
cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:::::::*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.3:::::::*
cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:::::::*
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::	17.7	17.12
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	7.3.3	7.3.5
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:::::::*
cpe:2.3:a:oracle:knowledge::::::::	8.6.0	8.6.3
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
cpe:2.3:a:oracle:rapid_planning:12.1:::::::*
cpe:2.3:a:oracle:rapid_planning:12.2:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
cpe:2.3:a:oracle:primavera_gateway:16.2.11:::::::*
cpe:2.3:a:oracle:primavera_gateway:17.12.6:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting::::::::	8.0.6	8.0.8
cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	8.0.0	8.0.8
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::	8.0.2	8.0.7
cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::		21.0
cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:::::::*
cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:::::::*

構成3		以上	以下	より上	未満
cpe:2.3:o:debian:debian_linux:9.0:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
2	http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E
3	https://issues.apache.org/jira/browse/AXIS-2924	Issue Tracking Patch Vendor Advisory
4	https://issues.apache.org/jira/browse/AXIS-2924	Issue Tracking Patch Vendor Advisory
5	https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
6	https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E
7	https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
8	https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E
9	https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html	Mailing List Third Party Advisory
10	https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html	Mailing List Third Party Advisory
11	https://security.netapp.com/advisory/ntap-20240621-0006/
12	https://security.netapp.com/advisory/ntap-20240621-0006/
13	https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
14	https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
15	https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
16	https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
17	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
18	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
19	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
20	https://www.oracle.com/security-alerts/cpujan2020.html	Third Party Advisory
21	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
22	https://www.oracle.com/security-alerts/cpujan2021.html	Third Party Advisory
23	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
24	https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
25	https://www.oracle.com/security-alerts/cpujul2022.html
26	https://www.oracle.com/security-alerts/cpujul2022.html
27	https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
28	https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
29	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
30	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

構成2	以上	以下	より上	未満
cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:::::::*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:::::::*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.3:::::::*
cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:::::::*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:::::::*
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:::::::*
cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:::::::*
cpe:2.3:a:oracle:primavera_unifier::::::::	17.7	17.12
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	7.3.3	7.3.5
cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:::::::*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:::::::*
cpe:2.3:a:oracle:knowledge::::::::	8.6.0	8.6.3
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
cpe:2.3:a:oracle:rapid_planning:12.1:::::::*
cpe:2.3:a:oracle:rapid_planning:12.2:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
cpe:2.3:a:oracle:primavera_gateway:16.2.11:::::::*
cpe:2.3:a:oracle:primavera_gateway:17.12.6:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
cpe:2.3:a:oracle:communications_asap_cartridges:7.2:::::::*
cpe:2.3:a:oracle:communications_asap_cartridges:7.3:::::::*
cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting::::::::	8.0.6	8.0.8
cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:::::::*
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:::::::*
cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:::::::*
cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
cpe:2.3:a:oracle:big_data_discovery:1.6:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:::::::*
cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:::::::*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	8.0.0	8.0.8
cpe:2.3:a:oracle:financial_services_funds_transfer_pricing::::::::	8.0.2	8.0.7
cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:::::::*
cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:::::::*
cpe:2.3:a:oracle:siebel_ui_framework::::::::		21.0
cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:::::::*
cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:::::::*