15 matches found
RHEL 5 : axis (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - axis: Hard coded domain name in example web service named StockQuoteService.jws leading to remote code...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Axis vulnerability (USN-6470-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6470-1 advisory. It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked...
Debian dla-3622 : libaxis-java - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3622 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3622-1 [email protected] https://www.debian.org/lts/security/...
Amazon Linux AMI : axis (ALAS-2023-1840)
The version of axis installed on the remote host is prior to 1.2.1-7.5.15. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1840 advisory. UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been...
CVE-2023-40743
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...
CVE-2023-40743
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...
Design/Logic Flaw
UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API...
CVE-2023-40743 Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...
CVE-2023-40743 Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...
Server Side Request Forgery in Apache Axis
A Server Side Request Forgery SSRF vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
Server Side Request Forgery in Apache Axis
A Server Side Request Forgery SSRF vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
Updated axis packages fix security vulnerability
Updated axis packages fix security vulnerability: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services CVE-2018-8032...
Apache Axis Cross-Site Scripting Vulnerability
Apache Axis is the United States Apache Apache Software Foundation , an open source , XML-based Web services architecture , which includes Java and C++ language implementation of the SOAP server , as well as a variety of utility services and APIs to generate and deploy Web services applications ....
CVE-2018-8032
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services...
CVE-2018-8032
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services...