Lucene search

224 matches found

Amazon
added 2023/10/03 12:0 a.m. · 25 views

Important: axis

Issue Overview: UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted...

CVSS 9.8 · AI score 8.9 · EPSS 0.01931
Exploits: 0

CNVD
added 2023/09/11 12:0 a.m. · 24 views

Apache Axis Input Validation Error Vulnerability

Apache Axis is an open source, XML-based Web services architecture from the Apache Foundation of the United States. The product contains a SOAP server implemented in Java and C++, as well as a variety of utility services and APIs to generate and deploy Web services applications. Apache...

CVSS 9.8 · AI score 9.2 · EPSS 0.01931
Exploits: 0 · References: 1

Github Security Blog
added 2023/09/05 3:30 p.m. · 36 views

Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SS...

CVSS 9.8 · AI score 9.4 · EPSS 0.01931
Exploits: 0 · References: 5 · Affected Software: 2

NVD
added 2023/09/05 3:15 p.m. · 31 views

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

CVSS 9.8 · AI score 9.5 · EPSS 0.01931
Exploits: 0 · References: 3

OSV
added 2023/09/05 3:15 p.m. · 31 views

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

CVSS 9.8 · AI score 9.4
Exploits: 0 · References: 3

UbuntuCve
added 2023/09/05 3:15 p.m. · 40 views

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

CVSS 9.8 · AI score 7 · EPSS 0.01931
Exploits: 0 · References: 5

Prion
added 2023/09/05 3:15 p.m. · 37 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API...

CVSS 7.5 · AI score 9.4 · EPSS 0.01931
Exploits: 0 · References: 3 · Affected Software: 1

Debian CVE
added 2023/09/05 2:42 p.m. · 83 views

CVE-2023-40743

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

CVSS 9.8 · AI score 8.1 · EPSS 0.01931
Exploits: 0

Vulnrichment
added 2023/09/05 2:42 p.m. · 45 views

CVE-2023-40743 Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

AI score 9.4 · EPSS 0.01931
Exploits: 0 · References: 3

Cvelist
added 2023/09/05 2:42 p.m. · 35 views

CVE-2023-40743 Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...

AI score 9.6 · EPSS 0.01931
Exploits: 0 · References: 3

CNNVD
added 2023/09/05 12:0 a.m. · 3 views

Apache Axis Input Validation Error Vulnerability

Apache Axis is an open source, XML-based Web services architecture from the Apache Foundation of the United States. The product contains a SOAP server implemented in Java and C++, as well as a variety of utility services and APIs to generate and deploy Web services applications. Apache...

CVSS 9.8 · AI score 6.8 · EPSS 0.01931
Exploits: 0 · References: 6

Positive Technologies
added 2023/09/05 12:0 a.m. · 5 views

PT-2023-6524 · Apache +3 · Apache Axis +3

Name of the Vulnerable Software and Affected Versions: Apache Axis versions prior to 1.4 Description: The issue arises from insufficient input validation in the implementation of the Apache Axis web service platform, allowing potentially dangerous lookup mechanisms such as LDAP when looking up a...

CVSS 10 · AI score 8.4 · EPSS 0.01931
Exploits: 0 · References: 30

GitLab Advisory Database
added 2023/09/05 12:0 a.m. · 18 views

Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SS...

CVSS 9.8 · AI score 7.2 · EPSS 0.01931
Exploits: 0 · References: 6

IBM Security Bulletins
added 2023/07/18 1:9 p.m. · 57 views

Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.9 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid...

CVSS 9.8 · AI score 9.6 · EPSS 0.99298
Exploits: 31 · Affected Software: 1

IBM Security Bulletins
added 2023/06/30 9:23 a.m. · 80 views

Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit

Summary The IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit are vulnerable, as per the CVEs listed in the Vulnerability Details section. These vulnerabilities affect some development tasks in the product toolkit. CVE-2022-29599 and CVE-2020-10683 only affect Test and Java...

CVSS 9.8 · AI score 9.9 · EPSS 0.86503
Exploits: 12 · Affected Software: 2

F5 Networks
added 2023/02/21 7:1 p.m. · 40 views

K16821: Apache Axis vulnerability CVE-2014-3596

Security Advisory Description The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers v...

CVSS 5.8 · AI score 7.3 · EPSS 0.05806
Exploits: 0 · Affected Software: 18

F5 Networks
added 2023/02/21 6:8 p.m. · 55 views

K14371: Apache Axis vulnerability CVE-2012-5784

Security Advisory Description Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the...

CVSS 5.8 · AI score 7.5 · EPSS 0.05722
Exploits: 1

SUSE CVE
added 2023/02/15 5:43 a.m. · 3 views

SUSE CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or...

CVSS 6.5 · AI score 9.3 · EPSS 0.05722
Exploits: 1 · References: 8

SUSE CVE
added 2023/02/15 5:28 a.m. · 5 views

SUSE CVE-2014-3596

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subjec...

CVSS 6.5 · AI score 7.7 · EPSS 0.05806
Exploits: 0 · References: 8

SUSE CVE
added 2023/02/15 4:29 a.m. · 1 views

SUSE CVE-2018-8032

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services...

CVSS 5.4 · AI score 7.4 · EPSS 0.10554
Exploits: 0 · References: 7