5 matches found

Veracode
added 2024/04/04 6:39 a.m., 29 views

Improper Input Validation

Apache Axis is vulnerable to Improper Input Validation. The vulnerability is caused by improper input validation in the getService method within ServiceFactory.java. This can potentially lead to Denial of Service, Server-Side Request Forgery, or Remote Code Execution attacks...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00707
Exploits: 0 | References: 4 | Affected Software: 1
Veracode
added 2024/01/09 11:1 a.m., 26 views

Server Side Request Forgery (SSRF)

org.apache.axis: axis is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is in the getService function within ServiceFactory.java, which does not validate the jndiName. This allows users with access to the admin service to perform possible SSRF...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.00075
Exploits: 0 | References: 3 | Affected Software: 1
Amazon
added 2023/10/03 12:0 a.m., 21 views

Important: axis

Issue Overview: UNSUPPORTED WHEN ASSIGNED. When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.00707
Exploits: 0
OSV
added 2023/09/05 3:30 p.m., 2 views

GHSA-RMQP-9W4C-GC7W Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SS...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00707
Exploits: 0 | References: 5
GitLab Advisory Database
added 2023/09/05 12:0 a.m., 13 views

Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService

When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SS...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00707
Exploits: 0 | References: 6