CVE-2018-8038 is a vulnerability in Apache Cxf Fediz
Published on July 5, 2018

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

NVD

Products Associated with CVE-2018-8038

Want to know whenever a new CVE is published for Apache Cxf Fediz? stack.watch will email you.

Apache Cxf Fediz

Affected Versions

Apache Software Foundation Apache CXF Fediz Version prior to 1.4.4 is affected by CVE-2018-8038

Exploit Probability

EPSS

40.66%

Percentile

97.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-8038 is a vulnerability in Apache Cxf FedizPublished on July 5, 2018

Products Associated with CVE-2018-8038

Affected Versions

Exploit Probability

CVE-2018-8038 is a vulnerability in Apache Cxf Fediz
Published on July 5, 2018