Lucene search
K

224 matches found

OSV
OSV
added 2024/01/06 12:30 p.m.4 views

GHSA-HR2C-P8RH-238H Apache Axis Improper Input Validation vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7.1AI score0.01213EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/01/06 12:30 p.m.52 views

Apache Axis Improper Input Validation vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS6.9AI score0.01213EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2024/01/06 12:15 p.m.15 views

CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7.1AI score0.01213EPSS
Exploits0References2
OSV
OSV
added 2024/01/06 12:15 p.m.20 views

CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS6.5AI score
Exploits0References2
OSV
OSV
added 2024/01/06 12:15 p.m.2 views

DEBIAN-CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7AI score0.01213EPSS
Exploits0References1
Prion
Prion
added 2024/01/06 12:15 p.m.19 views

Input validation

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

5.8CVSS6.9AI score0.01213EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2024/01/06 12:15 p.m.32 views

CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7AI score0.01213EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/01/06 11:59 a.m.45 views

CVE-2023-51441

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2CVSS7AI score0.01213EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/01/06 11:59 a.m.3 views

CVE-2023-51441 Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7AI score0.01213EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/06 11:59 a.m.22 views

CVE-2023-51441 Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis...

7.2AI score0.01213EPSS
Exploits0References2
CVE
CVE
added 2024/01/06 11:59 a.m.141 views

CVE-2023-51441

CVE-2023-51441 is an Improper Input Validation vulnerability in Apache Axis (Axis1) that allows SSRF via the admin HTTP API. Public sources in connected documents indicate Axis 1.x is End-Of-Life (through 1.3) and no Axis1.x fix is expected; remediation centers on migrating to a different SOAP en...

7.2CVSS6.8AI score0.01213EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/01/06 12:0 a.m.7 views

Apache Axis 代码问题漏洞

Apache Axis is the United States Apache Apache Foundation of an open source , XML-based Web services architecture . The product contains a SOAP server implemented in Java and C++ languages , as well as a variety of utility services and APIs to generate and deploy Web services applications. A...

7.2CVSS6.8AI score0.01213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/06 12:0 a.m.5 views

PT-2024-14125 · Apache +2 · Apache Axis +2

Name of the Vulnerable Software and Affected Versions: Apache Axis versions through 1.3 Description: The issue is related to an Improper Input Validation vulnerability in Apache Axis, which allows users with access to the admin service to perform possible Server-Side Request Forgery SSRF. This...

7.2CVSS8.1AI score0.01213EPSS
Exploits0References33
Cvelist
Cvelist
added 2023/12/25 12:0 a.m.21 views

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

7.3AI score0.01712EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/12/25 12:0 a.m.10 views

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

7.4AI score0.01712EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.8 views

PT-2023-13354 · Apache · Apache Axis

Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered that allows an authenticated, remote attacker to perform a blind SSRF attack using the ws-legacy/load dtd?system id= endpoint to deploy JSP code to the Apache Axis...

8.8CVSS7.2AI score0.01712EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.28 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Axis vulnerability (USN-6470-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6470-1 advisory. It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked...

9.8CVSS8.5AI score0.01931EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/30 12:0 a.m.4 views

The vulnerability of the application software interface of Apache Axis web services allows a perpetrator to execute arbitrary code.

The vulnerability of the application programming interface of the Apache Axis web service platform exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7.9AI score0.01931EPSS
Exploits0References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.27 views

Debian dla-3622 : libaxis-java - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3622 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3622-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS8.2AI score0.01931EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/10/06 12:0 a.m.28 views

Amazon Linux AMI : axis (ALAS-2023-1840)

The version of axis installed on the remote host is prior to 1.2.1-7.5.15. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1840 advisory. UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been...

9.8CVSS8.1AI score0.01931EPSS
Exploits0References4
Rows per page
Query Builder