CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

PT-2023-13354 · Apache · Apache Axis

Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered that allows an authenticated, remote attacker to perform a blind SSRF attack using the ws-legacy/load dtd?system id= endpoint to deploy JSP code to the Apache Axis...