CVEs-PoC/2018/CVE-2018-8038.md at dc3bd6cd71a486f862e7cf4da52fce4cfeb10e52

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 06:06:44 +02:00

Files

T

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

POC

Reference

No PoCs from references.

Github

https://github.com/0xT11/CVE-POC
https://github.com/hectorgie/PoC-in-GitHub
https://github.com/tafamace/CVE-2018-8038

815 B Raw Blame History

CVE-2018-8038

Description

POC

Reference

Github

815 B

Raw Blame History