PT-2023-13354 · Apache · Apache Axis

Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered that allows an authenticated, remote attacker to perform a blind SSRF attack using the ws-legacy/load dtd?system id= endpoint to deploy JSP code to the Apache Axis...