7 matches found

added 2023/09/05 2:42 p.m., 2556 views

CVE-2023-40743

Apache Axis 1.x is affected by CVE-2023-40743 due to unsafe handling in ServiceFactory.getService, which can enable DoS, SSRF, and remote code execution when untrusted input is used. The issue arises from LDAP-like lookups via the API. Mitigation is to migrate to a maintained SOAP engine (e.g., A...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.00707

added 2019/05/01 8:3 p.m., 275 views

CVE-2019-0227

The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state that Axis 2 is the successor and that 1.7.9 (Axis2) is not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.89877
Web

added 2018/08/02 1:0 p.m., 249 views

CVE-2018-8032

CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.01707

added 2012/11/04 10:0 p.m., 242 views

CVE-2012-5784

The CVE-2012-5784 issue concerns Apache Axis 1.4 and earlier, where the getCN/subjectAltName validation is missing, allowing MITM with arbitrary valid certificates. The flaw affects Axis-based components (e.g., PayPal-related integrations and JMS in ActiveMQ) and has led to multiple advisories (i...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.01566

added 2014/08/27 12:0 a.m., 190 views

CVE-2014-3596

CVE-2014-3596 affects Apache Axis 1.4 and earlier. The getCN function fails to properly verify that the server hostname matches a domain name in the certificate’s CN or subjectAltName, enabling a man-in-the-middle to spoof SSL servers using a crafted certificate. Public advisories confirm this is...

CVSS: 5.8 | AI score: 6.3 | EPSS: 0.01566

added 2024/01/06 11:59 a.m., 130 views

CVE-2023-51441

CVE-2023-51441 is an Improper Input Validation vulnerability in Apache Axis (Axis1) that allows SSRF via the admin HTTP API. Public sources in connected documents indicate Axis 1.x is End-Of-Life (through 1.3) and no Axis1.x fix is expected; remediation centers on migrating to a different SOAP en...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00075

added 2007/04/30 10:0 p.m., 58 views

CVE-2007-2353

Apache Axis 1.0 is affected. The vulnerability allows remote attackers to obtain the installation path by requesting a non-existent WSDL file, which yields an exception message that leaks sensitive information. This is an information-disclosure issue with a partial impact disclosure as described; ...

CVSS: 5 | AI score: 6 | EPSS: 0.04347