CVE-2019-0227: A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits…

high7.5CVSS 3.1

AVAACHPRNUINSUCHIHAH

EXPLOIT

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

Affected

79 ranges· showing 25

Vendor	Product	Version range	Fixed in
apache	apache_axis_1.4	—	—
apache	axis	—	—
debian	axis	—	—
oracle	agile_engineering_data_management	—	—
oracle	agile_product_lifecycle_management	—	—
oracle	application_testing_suite	—	—
oracle	application_testing_suite	—	—
oracle	big_data_discovery	—	—
oracle	communications_asap_cartridges	—	—
oracle	communications_asap_cartridges	—	—
oracle	communications_design_studio	—	—
oracle	communications_design_studio	—	—
oracle	communications_design_studio	—	—
oracle	communications_design_studio	—	—
oracle	communications_element_manager	—	—
oracle	communications_element_manager	—	—
oracle	communications_element_manager	—	—
oracle	communications_element_manager	—	—
oracle	communications_network_integrity	—	—
oracle	communications_network_integrity	—	—
oracle	communications_order_and_service_management	—	—
oracle	communications_order_and_service_management	—	—
oracle	communications_session_report_manager	—	—
oracle	communications_session_report_manager	—	—
oracle	communications_session_report_manager	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

osv7.5HIGH