CVE-2023-51441: UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF…

high7.2CVSS 3.1

AVNACLPRHUINSUCHIHAH

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF
This issue affects Apache Axis: through 1.3.

As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release
fixing this problem, though contributors that would like to work towards
this are welcome.

Affected

3 ranges

Vendor	Product	Version range	Fixed in
apache	axis	<= 1.3	—
apache_software_foundation	apache_axis	<= 1.3	—
debian	axis	—	—

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

osv7.2HIGH

CVE-2023-51441: ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF…

Affected

CVSS provenance

CVE-2023-51441: UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF…