Is CVE-2018-8038 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Cxf Fediz

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-b…

EPSS: 0.504 (97.9th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Cxf Fediz — versions prior to 1.4.4

Public proof-of-concept exploits

References

[cxf-dev] 20180704 Apache CXF Fediz 1.4.4 is released (mailing-list, x_refsource_MLIST)
1041220 (vdb-entry, x_refsource_SECTRACK)
github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d (x_refsource_CONFIRM)
cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc (x_refsource_CONFIRM)
[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2018-8038?: CVE-2018-8038 is a vulnerability in Apache Software Foundation Cxf Fediz. Published 2018-07-05.
Is CVE-2018-8038 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.