Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2018-8033
HistoryDec 13, 2018 - 2:00 p.m.

CVE-2018-8033

2018-12-1314:00:00
apache
www.cve.org

0.045 Low

EPSS

Percentile

92.6%

JSON

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.

CNA Affected

[
  {
    "product": "Apache OFBiz",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache OFBiz 16.11.01 to 16.11.04"
      }
    ]
  }
]

Related

prion 1
nuclei 1
cve 1
nvd 1
prion
prion
Design/Logic Flaw
2018-12-13 14:29:00
nuclei
nuclei
Apache OFBiz 16.11.04 - XML Entity Injection
2021-01-30 03:58:20
cve
cve
CVE-2018-8033
2018-12-13 14:29:00
nvd
nvd
CVE-2018-8033
2018-12-13 14:29:00

0.045 Low

EPSS

Percentile

92.6%

JSON
Related for CVELIST:CVE-2018-8033
prion1nuclei1cve1nvd1