admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2018/8xxx/CVE-2018-8038.json
CVE Team 395a21aaa7
"-Synchronized-Data."
2019-03-17 21:39:34 +00:00

78 lines
2.7 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-04T00:00:00",
"ID": "CVE-2018-8038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CXF Fediz",
"version": {
"version_data": [
{
"version_value": "prior to 1.4.4"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[cxf-dev] 20180704 Apache CXF Fediz 1.4.4 is released",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E"
},
{
"name": "1041220",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041220"
},
{
"name": "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d",
"refsource": "CONFIRM",
"url": "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d"
},
{
"name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink