
222 matches found

OSV
added 2022/05/17 5:16 a.m., 3 views

GHSA-88R4-38GC-97P4 Apache Axis2 Vulnerable to XML Signature wrapping attack

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...

CVSS 5.8 | AI score 7.3 | EPSS 0.05999
Exploits: 1 | References: 9

vulnersOsv
added 2022/05/17 3:46 a.m., 8 views

org.apache.activemq:apache-activemq (>=4.1.1 <=5.19.7), org.apache.axis2:axis2-integration (=1.4) +4 more potentially affected by CVE-2012-6551 via org.apache.activemq:activemq-web-demo (>=4.1.1 <=5.7.0)

org.apache.activemq:activemq-web-demo MAVEN version =4.1.1, =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2012-6551 Source advisory: OSV:GHSA-34FP-XVXP-RG22...

CVSS 5 | AI score 6.8 | EPSS 0.07674
Exploits: 1

vulnersOsv
added 2022/05/17 3:46 a.m., 5 views

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2012-6551 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2012-6551 Source advisory: OSV:GHSA-34FP-XVXP-RG22...

CVSS 5 | AI score 6.8 | EPSS 0.07674
Exploits: 1

Github Security Blog
added 2022/05/17 2:22 a.m., 35 views

Improper Input Validation in Apache Axis2

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...

CVSS 7.5 | AI score 3.4 | EPSS 0.22372
Exploits: 3 | References: 10 | Affected Software: 1

OSV
added 2022/05/17 2:22 a.m., 66 views

GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...

CVSS 7.5 | AI score 8.3 | EPSS 0.22372
Exploits: 3 | References: 9

vulnersOsv
added 2022/05/17 1:38 a.m., 6 views

com.google.api-ads:common-axis2 (=0.1.0), com.google.code.magja:magja (>=0.0.1 <=0.0.3) +23 more potentially affected by CVE-2012-5785 via org.apache.axis2:axis2 (>=1.2 <=1.7.9)

org.apache.axis2:axis2 MAVEN version =1.2, =0.0.1, =2.8.28, =0.13.0, =0.13.0, =3.3, =3.3, =0.9, =0.11 and more Source cves: CVE-2012-5785 Source advisory: OSV:GHSA-WWQ7-PXWC-P4RC...

CVSS 5.8 | AI score 7.2 | EPSS 0.02206
Exploits: 1

vulnersOsv
added 2022/05/17 1:38 a.m., 9 views

br.com.swconsultoria:java-cte (>=3.00.4 <=4.00.14), br.com.swconsultoria:java-mdfe (>=3.00.3 <=3.00.4) +180 more potentially affected by CVE-2012-5785 via org.apache.axis2:axis2-transport-http (>=1.5 <=1.7.9)

org.apache.axis2:axis2-transport-http MAVEN version =1.5, =3.00.4, =3.00.3, =4.00.10, =0.5.9, =0.3, =0.1.10, =0.0.3, =1.0.1.RELEASE, =9.00.2110.07.220316, =1.0.0, =1.0.22, =0.0.1, =1.0.0 and more Source cves: CVE-2012-5785 Source advisory: OSV:GHSA-WWQ7-PXWC-P4RC...

CVSS 5.8 | AI score 7.7 | EPSS 0.02206
Exploits: 1

Github Security Blog
added 2022/05/17 1:38 a.m., 46 views

Apache Axis2 has Improper Input Validation

Apache Axis2/Java 1.7.9 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVSS 5.8 | AI score 9 | EPSS 0.02206
Exploits: 1 | References: 5 | Affected Software: 2

OSV
added 2022/05/17 1:38 a.m., 22 views

GHSA-WWQ7-PXWC-P4RC Apache Axis2 has Improper Input Validation

Apache Axis2/Java 1.7.9 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVSS 5.8 | AI score 9.1 | EPSS 0.02206
Exploits: 1 | References: 5

vulnersOsv
added 2022/05/14 2:45 a.m., 7 views

org.apache.activemq:apache-activemq (>=5.0.0 <=5.19.7), org.apache.axis2:axis2-integration (=1.4) +4 more potentially affected by CVE-2010-1587 via org.apache.activemq:activemq-web-console (>=5.0.0 <=5.3.0)

org.apache.activemq:activemq-web-console MAVEN version =5.0.0, =5.0.0, =5.19.7 - org.apache.axis2:axis2-integration =1.4 - org.apache.camel:camel-example-cxf =1.3.0 - org.apache.camel:camel-example-jms-file =1.3.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 -...

CVSS 5 | AI score 5.7 | EPSS 0.78018
Exploits: 6

Github Security Blog
added 2022/05/14 2:44 a.m., 45 views

Improper Neutralization of Input During Web Page Generation in Apache Axis2

Cross-site scripting XSS vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...

CVSS 4.3 | AI score 3.3 | EPSS 0.34927
Exploits: 1 | References: 8 | Affected Software: 1

OSV
added 2022/05/14 2:44 a.m., 36 views

GHSA-23X8-J7HM-5XWF Improper Neutralization of Input During Web Page Generation in Apache Axis2

Cross-site scripting XSS vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...

CVSS 4.3 | AI score 7.1 | EPSS 0.34927
Exploits: 1 | References: 7

vulnersOsv
added 2022/05/13 1:1 a.m., 2 views

com.google.api-ads:common-axis2 (=0.1.0), com.google.code.magja:magja (>=0.0.1 <=0.0.3) +16 more potentially affected by CVE-2012-5351 via org.apache.axis2:axis2 (>=1.2 <=1.6.3)

org.apache.axis2:axis2 MAVEN version =1.2, =0.0.1, =2.8.28, =0.13.0, =0.13.0, =3.3, =3.3, =0.9, =0.11 and more Source cves: CVE-2012-5351 Source advisory: OSV:GHSA-66RX-GQX3-P98M...

CVSS 6.4 | AI score 5.8 | EPSS 0.05089
Exploits: 0

Github Security Blog
added 2022/05/13 1:1 a.m., 51 views

Improper Authentication in Apache Axis2

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVSS 6.4 | AI score 6.2 | EPSS 0.05089
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/13 1:1 a.m., 2 views

GHSA-66RX-GQX3-P98M Improper Authentication in Apache Axis2

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVSS 6.4 | AI score 7.2 | EPSS 0.05089
Exploits: 0 | References: 4

RedhatCVE
added 2021/08/01 4:20 a.m., 195 views

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS 10 | AI score 5.5 | EPSS 0.10458
Exploits: 0 | References: 2

RedHat Linux
added 2020/06/15 4:18 p.m., 5 views

jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS 10 | AI score 7.4 | EPSS 0.10458
Exploits: 0 | References: 4

RedHat Linux
added 2020/06/15 4:18 p.m., 5 views

jackson-databind: improper polymorphic deserialization in axis2-transport-jms class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.10599
Exploits: 0 | References: 4

Tenable Nessus
added 2020/04/06 12:0 a.m., 33 views

Oracle NoSQL Database Enterprise Server-Side Request Forgery (October 2019 CPU)

The version of Oracle NoSQL Database Enterprise running on the remote host is prior to 19.3.12. It is, therefore, affected by a server-side request forgery vulnerability. The vulnerability exists in the jackson-databind component due to a failure to block the axis2-jaxws class from polymorphic...

CVSS 10 | AI score 8 | EPSS 0.10458
Exploits: 0 | References: 2

RedHat Linux
added 2019/12/02 4:24 p.m., 3 views

jackson-databind: improper polymorphic deserialization in axis2-transport-jms class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.10599
Exploits: 0 | References: 4