Severity
7.2 HIGH
EPSS
0.1%
top 80.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 6
Latest update: Apr 15

Description

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively, you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 4 packages

Patches

🔴 Vulnerability Details

4
CVEList
Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API (2024-01-06)
OSV
CVE-2023-51441: ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possi (2024-01-06)
OSV
Apache Axis Improper Input Validation vulnerability (2024-01-06)
GHSA
Apache Axis Improper Input Validation vulnerability (2024-01-06)

📋 Vendor Advisories

2
Oracle
Oracle Oracle Food and Beverage Applications Risk Matrix: Reporting (Apache Axis) — CVE-2023-51441 (2025-04-15)
Debian
CVE-2023-51441: axis - ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apach... (2023)