CVE-2018-8033

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

PT-2018-18396 · Apache · Apache Ofbiz

Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 16.11.01 through 16.11.04 Description: The issue concerns the OFBiz HTTP engine, specifically the handling of requests for HTTP services via the "/webtools/control/httpService" endpoint. Both POST and GET requests to thi...