222 matches found
GHSA-88R4-38GC-97P4 Apache Axis2 Vulnerable to XML Signature wrapping attack
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...
org.apache.activemq:apache-activemq (>=4.1.1 <=5.19.7), org.apache.axis2:axis2-integration (=1.4) +4 more potentially affected by CVE-2012-6551 via org.apache.activemq:activemq-web-demo (>=4.1.1 <=5.7.0)
org.apache.activemq:activemq-web-demo MAVEN version =4.1.1, =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2012-6551 Source advisory: OSV:GHSA-34FP-XVXP-RG22...
org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2012-6551 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)
org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2012-6551 Source advisory: OSV:GHSA-34FP-XVXP-RG22...
Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
com.google.api-ads:common-axis2 (=0.1.0), com.google.code.magja:magja (>=0.0.1 <=0.0.3) +23 more potentially affected by CVE-2012-5785 via org.apache.axis2:axis2 (>=1.2 <=1.7.9)
org.apache.axis2:axis2 MAVEN version =1.2, =0.0.1, =2.8.28, =0.13.0, =0.13.0, =3.3, =3.3, =0.9, =0.11 and more Source cves: CVE-2012-5785 Source advisory: OSV:GHSA-WWQ7-PXWC-P4RC...
br.com.swconsultoria:java-cte (>=3.00.4 <=4.00.14), br.com.swconsultoria:java-mdfe (>=3.00.3 <=3.00.4) +180 more potentially affected by CVE-2012-5785 via org.apache.axis2:axis2-transport-http (>=1.5 <=1.7.9)
org.apache.axis2:axis2-transport-http MAVEN version =1.5, =3.00.4, =3.00.3, =4.00.10, =0.5.9, =0.3, =0.1.10, =0.0.3, =1.0.1.RELEASE, =9.00.2110.07.220316, =1.0.0, =1.0.22, =0.0.1, =1.0.0 and more Source cves: CVE-2012-5785 Source advisory: OSV:GHSA-WWQ7-PXWC-P4RC...
Apache Axis2 has Improper Input Validation
Apache Axis2/Java 1.7.9 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
GHSA-WWQ7-PXWC-P4RC Apache Axis2 has Improper Input Validation
Apache Axis2/Java 1.7.9 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
org.apache.activemq:apache-activemq (>=5.0.0 <=5.19.7), org.apache.axis2:axis2-integration (=1.4) +4 more potentially affected by CVE-2010-1587 via org.apache.activemq:activemq-web-console (>=5.0.0 <=5.3.0)
org.apache.activemq:activemq-web-console MAVEN version =5.0.0, =5.0.0, =5.19.7 - org.apache.axis2:axis2-integration =1.4 - org.apache.camel:camel-example-cxf =1.3.0 - org.apache.camel:camel-example-jms-file =1.3.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 -...
Improper Neutralization of Input During Web Page Generation in Apache Axis2
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...
GHSA-23X8-J7HM-5XWF Improper Neutralization of Input During Web Page Generation in Apache Axis2
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...
com.google.api-ads:common-axis2 (=0.1.0), com.google.code.magja:magja (>=0.0.1 <=0.0.3) +16 more potentially affected by CVE-2012-5351 via org.apache.axis2:axis2 (>=1.2 <=1.6.3)
org.apache.axis2:axis2 MAVEN version =1.2, =0.0.1, =2.8.28, =0.13.0, =0.13.0, =3.3, =3.3, =0.9, =0.11 and more Source cves: CVE-2012-5351 Source advisory: OSV:GHSA-66RX-GQX3-P98M...
Improper Authentication in Apache Axis2
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...
GHSA-66RX-GQX3-P98M Improper Authentication in Apache Axis2
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...
CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
jackson-databind: improper polymorphic deserialization in axis2-transport-jms class
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code...
Oracle NoSQL Database Enterprise Server-Side Request Forgery (October 2019 CPU)
The version of Oracle NoSQL Database Enterprise running on the remote host is prior to 19.3.12. It is, therefore, affected by a server-side request forgery vulnerability. The vulnerability exists in the jackson-databind component due to a failure to block the axis2-jaxws class from polymorphic...