CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-8031

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0650%
EPSS Percentile10.54th
Published2018年7月23日
Last Modified2024年11月21日

Vulnerability Description

The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is setup (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolve in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863.

Affected Platforms (CPE)

📦
Apache

Tomee

< 7.0.5

References & Advisories

🔗 https://lists.apache.org/thread.html/c4b0d83a534d6cdf2de54dbbd00e3538072ac2e360781b784608ed0d%40%3Cdev.tomee.apache.org%3E
🔗 https://lists.apache.org/thread.html/c4b0d83a534d6cdf2de54dbbd00e3538072ac2e360781b784608ed0d%40%3Cdev.tomee.apache.org%3E

相关漏洞威胁

CVE-2020-119699.8

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX po...

CVE-2020-139319.8

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker...

CVE-2016-07799.8

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary c...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...