Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-0227

Опубликовано: 01 мая 2019
Источник: debian

Описание

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
axisunfixedpackage

Примечания

  • https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/

  • https://github.com/apache/axis1-java/commit/7043f1ab0397d1ae35f879f2bcc99be1e9b55644

  • StockQuoteService.jws not present in Debian binary packages

  • disclosure mentions "03/12/2019 - Apache applied SSRF patch":

  • https://github.com/RhinoSecurityLabs/CVEs/issues/1

  • https://github.com/apache/axis1-java/commit/35511b872a6460129cfc0cd35baaccbd820977b5

Связанные уязвимости

ubuntu логотип

CVE-2019-0227

CVSS3: 7.5
ubuntu
почти 7 лет назад

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

redhat логотип

CVE-2019-0227

CVSS3: 8
redhat
почти 7 лет назад

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

nvd логотип

CVE-2019-0227

CVSS3: 7.5
nvd
почти 7 лет назад

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

github логотип

GHSA-h9gj-rqrw-x4fq

CVSS3: 7.5
github
больше 6 лет назад

Server Side Request Forgery in Apache Axis

fstec логотип

BDU:2019-04406

CVSS3: 7.5
fstec
около 7 лет назад

Уязвимость платформы веб-сервисов Apache Axis, связанная с недостаточной проверкой поступающих запросов, позволяющая нарушителю осуществить SSRF-атаку