Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2023-51441

HistoryJan 06, 2024 - 12:15 p.m.

CVE-2023-51441

2024-01-0612:15:42

Debian Security Bug Tracker

security-tracker.debian.org

apache axis

input validation

ssrf

admin service

migration

patch

apache axis 2/java

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.

OSVersionArchitecturePackageVersionFilename
Debian12allaxis<= 1.4-28+deb12u1axis_1.4-28+deb12u1_all.deb
Debian11allaxis<= 1.4-28+deb11u1axis_1.4-28+deb11u1_all.deb
Debian10allaxis<= 1.4-28axis_1.4-28_all.deb
Debian999allaxis<= 1.4-29axis_1.4-29_all.deb
Debian13allaxis<= 1.4-29axis_1.4-29_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	axis	<= 1.4-28+deb12u1	axis_1.4-28+deb12u1_all.deb
Debian	11	all	axis	<= 1.4-28+deb11u1	axis_1.4-28+deb11u1_all.deb
Debian	10	all	axis	<= 1.4-28	axis_1.4-28_all.deb
Debian	999	all	axis	<= 1.4-29	axis_1.4-29_all.deb
Debian	13	all	axis	<= 1.4-29	axis_1.4-29_all.deb