CVE-2018-8033 is a vulnerability in Apache OFBiz
Published on December 13, 2018
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.
Products Associated with CVE-2018-8033
Want to know whenever a new CVE is published for Apache OFBiz? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache OFBiz Version Apache OFBiz 16.11.01 to 16.11.04 is affected by CVE-2018-8033Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.