Apache Axis
7 CVEs affecting Apache Axis. Latest disclosed: 2024-01-06. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-40743 | Critical | 9.8 | 2023-09-05 | ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFact… |
CVE-2019-0227 | High | 7.5 | 2019-05-01 | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits c… |
CVE-2023-51441 | High | 7.2 | 2024-01-06 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF … |
CVE-2018-8032 | Medium | 6.1 | 2018-08-02 | Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. |
CVE-2014-3596 | | 2014-08-27 | The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or… | |
CVE-2012-5784 | | 2012-11-04 | Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in… | |
CVE-2007-2353 | | 2007-04-30 | Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resu… |