CVE-2019-0227

 

Published at: - 01-05-2019 11:29

Last modified: - 25-07-2022 08:15

Total changes: - 11

Description

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://www.oracle.com/security-alerts/cpujan2020.html
• [announce] 20200131 Apache Software Foundation Security Report: 2019-Mailing List, Vendor Advisory
• N/A-Patch, Third Party Advisory
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• [axis-java-user] 20210928 [Axis2] Migration Issues-Mailing List, Vendor Advisory
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://www.oracle.com/security-alerts/cpuapr2022.html
• N/A-

 

Keywords

NVD

 

CVE-2019-0227

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures