CVE-2018-8033
CVE-2018-8033
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 25.7%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
13 dic 2018Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.
Productos afectados
Apache Software Foundation · Apache OFBiz¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →