Lucene search

[email protected]NVD:CVE-2019-0227

HistoryMay 01, 2019 - 9:29 p.m.

CVE-2019-0227

2019-05-0121:29:00

CWE-918

[email protected]

web.nvd.nist.gov

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.86 High

EPSS

Percentile

98.6%

JSON

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

Affected configurations

NVD

Node

apacheaxisMatch1.4

Node

oracleagile_engineering_data_managementMatch6.2.1.0

oracleagile_product_lifecycle_management_frameworkMatch9.3.3

oracleapplication_testing_suiteMatch13.2.0.1

oracleapplication_testing_suiteMatch13.3.0.1

oraclebig_data_discoveryMatch1.6

oraclecommunications_asap_cartridgesMatch7.2

oraclecommunications_asap_cartridgesMatch7.3

oraclecommunications_design_studioMatch7.3.4.3.0

oraclecommunications_design_studioMatch7.3.5.5.0

oraclecommunications_design_studioMatch7.4.0.4.0

oraclecommunications_design_studioMatch7.4.1.1.0

oraclecommunications_element_managerMatch8.0.0

oraclecommunications_element_managerMatch8.1.0

oraclecommunications_element_managerMatch8.1.1

oraclecommunications_element_managerMatch8.2.0

oraclecommunications_network_integrityMatch7.3.5

oraclecommunications_network_integrityMatch7.3.6

oraclecommunications_order_and_service_managementMatch7.3.0.0.0

oraclecommunications_order_and_service_managementMatch7.4

oraclecommunications_session_report_managerMatch8.0.0

oraclecommunications_session_report_managerMatch8.1.0

oraclecommunications_session_report_managerMatch8.1.1

oraclecommunications_session_report_managerMatch8.2.0

oraclecommunications_session_route_managerMatch8.0.0

oraclecommunications_session_route_managerMatch8.1.0

oraclecommunications_session_route_managerMatch8.1.1

oraclecommunications_session_route_managerMatch8.2.0

oracleendeca_information_discovery_studioMatch3.2.0

oracleenterprise_manager_base_platformMatch12.1.0.5

oracleenterprise_manager_base_platformMatch13.3.0.0

oracleenterprise_manager_for_fusion_middlewareMatch12.1.0.5

oraclefinancial_services_analytical_applications_infrastructureRange7.3.3–7.3.5

oraclefinancial_services_analytical_applications_infrastructureRange8.0.0–8.0.8

oraclefinancial_services_compliance_regulatory_reportingRange8.0.6–8.0.8

oraclefinancial_services_funds_transfer_pricingRange8.0.2–8.0.7

oracleflexcube_core_bankingMatch11.7.0

oracleflexcube_core_bankingMatch11.8.0

oracleflexcube_core_bankingMatch11.9.0

oracleflexcube_core_bankingMatch11.10.0

oracleflexcube_private_bankingMatch12.0.0

oracleflexcube_private_bankingMatch12.1.0

oraclehospitality_guest_accessMatch4.2.0

oraclehospitality_guest_accessMatch4.2.1

oracleinstantis_enterprisetrackMatch17.1

oracleinstantis_enterprisetrackMatch17.2

oracleinstantis_enterprisetrackMatch17.3

oracleinternet_directoryMatch12.2.1.3.0

oracleinternet_directoryMatch12.2.1.4.0

oracleknowledgeRange8.6.0–8.6.3

oraclepeoplesoft_enterprise_human_capital_management_human_resourcesMatch7.3.5

oraclepeoplesoft_enterprise_human_capital_management_human_resourcesMatch7.3.6

oraclepeoplesoft_enterprise_human_capital_management_human_resourcesMatch9.2

oraclepeoplesoft_enterprise_peopletoolsMatch8.56

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepolicy_automation_connector_for_siebelMatch10.4.6

oracleprimavera_gatewayMatch16.2.11

oracleprimavera_gatewayMatch17.12.6

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch16.1

oracleprimavera_unifierMatch16.2

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oraclerapid_planningMatch12.1

oraclerapid_planningMatch12.2

oraclereal-time_decision_serverMatch3.2.1.0

oracleretail_order_brokerMatch15.0

oracleretail_order_brokerMatch16.0

oracleretail_order_brokerMatch18.0

oracleretail_xstore_point_of_serviceMatch7.1

oraclesecure_global_desktopMatch5.4

oraclesecure_global_desktopMatch5.5

oraclesiebel_ui_frameworkRange≤21.0

oracletuxedoMatch12.1.1.0.0

oracletuxedoMatch12.1.3

oraclewebcenter_portalMatch12.2.1.3.0

References

lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E

lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/

security.netapp.com/advisory/ntap-20240621-0006/

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

5.4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.86 High

EPSS

Percentile

98.6%

JSON

Related for NVD:CVE-2019-0227

rhino1 github1 redhatcve1 githubexploit1 cvelist1 prion1 packetstorm1 zdt1 exploitpack1 checkpoint_advisories1 osv1 nessus12 symantec1 cve1 ubuntucve1 debiancve1 exploitdb1 ibm7 openvas1 kaspersky1 oracle11