Miggo Logo

CVE-2018-8039: Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*

8.1

CVSS Score
3.0

Basic Information

EPSS Score
0.82464%
Published
10/19/2018
Updated
12/21/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.cxf:cxfmaven>= 3.2.0, < 3.2.53.2.5
org.apache.cxf:cxfmaven< 3.1.163.1.16
org.apache.cxf:apache-cxfmaven>= 3.2.0, < 3.2.53.2.5
org.apache.cxf:apache-cxfmaven< 3.1.163.1.16

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

It is possi*l* to *on*i*ur* *p**** *X* to us* t** *om.sun.n*t.ssl impl*m*nt*tion vi* 'Syst*m.s*tProp*rty("j*v*.proto*ol.**n*l*r.pk*s", "*om.sun.n*t.ssl.int*rn*l.www.proto*ol");'. W**n t*is syst*m prop*rty is s*t, *X* us*s som* r**l**tion to try to m*

Reasoning

No *n*lysis *v*il**l*