Vulnerability Name: CVE-2018-8039 (CCN-145516) Assigned: 2018-06-28 Published: 2018-06-28 Updated: 2021-06-16 Summary: It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks. CVSS v3 Severity: 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-755 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2018-8039 CVE-2018-8039: Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2 Open Source Apache CXF Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-8039) Multiple vulnerabilities in WebSphere Application Server affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1683, CVE-2018-8039) Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Operations Center (CVE-2018-1553, CVE-2018-1683, CVE-2018-8039) Vulnerability in Apache CXF Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-8039) Multiple vulnerabilities affect IBM Voice Gateway Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect for Virtual Environments (CVE-2014-7810, CVE-2018-8039) Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Snapshot for VMware (CVE-2014-7810, CVE-2018-8039) IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM WebSphere Liberty Server Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect for Workstations Central Administration Console (CVE-2014-7810, CVE-2018-8039, CVE-2018-1901) IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability Oracle Critical Patch Update Advisory - July 2019 106357 1041199 RHSA-2018:2276 RHSA-2018:2277 RHSA-2018:2279 RHSA-2018:2423 RHSA-2018:2424 RHSA-2018:2425 RHSA-2018:2428 RHSA-2018:2643 RHSA-2018:3768 RHSA-2018:3817 apache-cxf-cve20188039-mitm(145516) https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b [cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html Potential MITM attack in Apache CXF used by WebSphere Application Server (CVE-2018-8039) Multiple security vulnerabilities affect Liberty for Java for IBM Cloud IBM TRIRIGA Application Platform Apache CXF Vulnerability (CVE-2018-8039) Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale Potential MITM attack in Apache CXF used by IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2018-8039) Server Automation is affected by the following vulnerabilities exposures (CVE-2018-8039, CVE-2018-1683, CVE-2018-1755) Potential MITM attack in Apache CXF used by IBM Event Streams (CVE-2018-8039) Asset Analyzer (RAA) is affected by an Apache CXF vulnerability A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-8039) IBM Cognos Analytics has addressed multiple vulnerabilties IBM Cognos Business Intelligence has addressed multiple vulnerabilties IBM Cognos Controller 2020Q1 Security Updater: Multiple Security Vulnerabilities have been identified in IBM Cognos Controller IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities IBM Security Guardium is affected by an "Apache CXF" jar vulnerability IBM Security Guardium is affected by multiple vulnerabilities Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway Oracle Critical Patch Update Advisory - April 2020 N/A Oracle Critical Patch Update Advisory - January 2020 https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Vulnerable Configuration: Configuration 1 :cpe:/a:apache:cxf:*:*:*:*:*:*:*:* (Version >= 3.2.0 and < 3.2.5)OR cpe:/a:apache:cxf:*:*:*:*:*:*:*:* (Version < 3.1.16) Configuration 2 :cpe:/a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:apache:cxf:3.1:*:*:*:*:*:*:* OR cpe:/a:apache:cxf:3.1.13:*:*:*:*:*:*:* OR cpe:/a:apache:cxf:3.2:*:*:*:*:*:*:* AND cpe:/a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:10.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_analytic_server:2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_for_virtual_environments:7.1:*:*:*:*:hyper-v:*:* OR cpe:/a:ibm:spectrum_protect:7.1:*:*:*:workstations:*:*:* OR cpe:/a:ibm:spectrum_protect:7.1:*:extended:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager:12.1.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tririga_application_platform:3.5:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_analytic_server:3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:8.1:*:extended:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:8.1:*:*:*:virtual_environments:*:*:* OR cpe:/a:ibm:spectrum_scale:4.2.3:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager:13.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:5.2:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:9:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect:8.1:*:*:*:workstations:*:*:* OR cpe:/a:ibm:spss_analytic_server:3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:liberty:3.24:*:java:*:bluemix:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:* OR cpe:/a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:4.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:4.5.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:4.6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.3:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.18:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere:2018.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_streams:3.2.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_streams:4.0.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:streams:4.3.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:streams:4.1.1.6:*:*:*:*:*:*:* OR cpe:/a:ibm:streams:4.2.1.4:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.3.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_identity_governance_and_intelligence:5.2.6:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:* OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:* BACK
apache cxf *
apache cxf *
redhat jboss enterprise application platform 7.1.0
apache cxf 3.1
apache cxf 3.1.13
apache cxf 3.2
ibm cognos business intelligence 10.2.2
ibm tivoli application dependency discovery manager 7.3
ibm watson explorer 10.0.0
ibm spss analytic server 2.0
ibm watson explorer 11.0.0
ibm spectrum protect for virtual environments 7.1
ibm spectrum protect 7.1
ibm spectrum protect 7.1
ibm security identity governance and intelligence 5.2
oracle enterprise manager 12.1.0.5
ibm tririga application platform 3.5
ibm security identity governance and intelligence 5.2.1
ibm watson explorer 11.0.1
ibm spss analytic server 3.0
ibm cognos analytics 11.0
ibm watson explorer 11.0.2
ibm spectrum protect 8.1
ibm spectrum protect 8.1
ibm spectrum scale 4.2.3
oracle enterprise manager 13.2
oracle retail order broker cloud service 5.2
oracle retail order broker cloud service 15.0
oracle flexcube private banking 12.0.1
oracle flexcube private banking 12.0.3
oracle flexcube private banking 12.1
ibm spectrum scale 5.0.0
ibm websphere application server 9
ibm cognos controller 10.3.1
ibm spectrum protect 8.1
ibm spss analytic server 3.1
ibm security guardium 10.5
ibm security identity governance and intelligence 5.2.2
ibm security identity governance and intelligence 5.2.2.1
ibm security identity governance and intelligence 5.2.3
ibm security identity governance and intelligence 5.2.3.1
ibm security identity governance and intelligence 5.2.3.2
ibm rational asset analyzer 6.1.0.0
ibm security identity governance and intelligence 5.2.4
ibm liberty 3.24
ibm websphere application server in cloud 8.5
ibm websphere application server in cloud 9.0
ibm cognos controller 10.3.0
ibm websphere application server in cloud *
ibm elastic storage server 4.0.0
ibm elastic storage server 4.0.6
ibm elastic storage server 4.5.0
ibm elastic storage server 4.6.0
ibm elastic storage server 5.0.0
ibm elastic storage server 5.3
ibm rational asset analyzer 6.1.0.18
ibm voice gateway 1.0.0.0
ibm voice gateway 1.0.0.7
ibm websphere 2018.3.0
ibm elastic storage server 5.2.4
ibm security identity governance and intelligence 5.2.4.1
ibm security guardium 10.6
ibm infosphere streams 3.2.1.6
ibm infosphere streams 4.0.1.6
ibm streams 4.3.0.0
ibm streams 4.1.1.6
ibm streams 4.2.1.4
ibm elastic storage server 5.3.2.0
ibm cognos controller 10.4.0
ibm security identity governance and intelligence 5.2.5.0
oracle communications diameter signaling router 8.1
oracle communications diameter signaling router 8.2
ibm cognos analytics 11.1
ibm cognos controller 10.4.1
ibm voice gateway 1.0.2
ibm voice gateway 1.0.3
ibm voice gateway 1.0.2.4
ibm voice gateway 1.0.4
ibm security guardium 11.0
ibm security guardium 11.1
oracle communications session report manager 8.0.0
oracle communications session report manager 8.1.0
oracle communications session report manager 8.1.1
oracle communications session report manager 8.2.1
oracle communications session route manager 8.0.0
oracle communications session route manager 8.1.0
oracle communications session route manager 8.1.1
ibm security identity governance and intelligence 5.2.6
ibm voice gateway 1.0.5
ibm security guardium 11.2
ibm voice gateway 1.0.7
ibm security guardium 11.3
ibm security guardium 11.4
Denotes that component is vulnerable