CVE-2018-8038
Description
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
40.655
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-8038 are fixed in Apache - Fediz Spring 1.4.4 | Windows |
| Vulnerabilities CVE-2018-8038 are fixed in Apache-fediz-spring2 1.4.4 | Windows |
| Vulnerabilities CVE-2018-8038 are fixed in Apache-fediz-jetty8 1.4.4 | Windows |
| Vulnerabilities CVE-2018-8038 are fixed in Apache-fediz-jetty9 1.4.4 | Windows |
| Vulnerabilities CVE-2018-8038 are fixed in Apache-fediz-spring3 1.4.4 | Windows |
| Vulnerabilities CVE-2018-8038 are fixed in Apache - Fediz Spring for Linux 1.4.4 | Linux |
| Vulnerabilities CVE-2018-8038 are fixed in Apache-fediz-spring2 for Linux 1.4.4 | Linux |
| Vulnerabilities CVE-2018-8038 are fixed in Apache-fediz-jetty8 for Linux 1.4.4 | Linux |
| Vulnerabilities CVE-2018-8038 are fixed in Apache-fediz-jetty9 for Linux 1.4.4 | Linux |
| Vulnerabilities CVE-2018-8038 are fixed in Apache-fediz-spring3 for Linux 1.4.4 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234