2 matches found
CVE-2018-8033
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...
CVE-2018-8033
CVE-2018-8033 affects Apache OFBiz 16.11.01–16.11.04. The vulnerability lies in the OFBiz HTTP engine at /webtools/control/httpService, where POST/GET requests may include serviceName, serviceMode, and serviceContext. Exploitation is achieved via DOCTYPEs referencing external entities, triggering...