Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 10 results


CVE-2023-51441

Medium priority
Needs evaluation

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we...

1 affected packages

axis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-40743

Medium priority
Fixed

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as...

1 affected packages

axis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis Fixed Fixed Fixed Fixed
Show less packages

CVE-2019-0227

Low priority
Vulnerable

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users...

1 affected packages

axis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2018-8032

Medium priority
Needs evaluation

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

1 affected packages

axis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2012-6107

Low priority
Ignored

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an...

1 affected packages

axis2c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis2c Not in release Not in release
Show less packages

CVE-2014-3596

Low priority
Ignored

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which...

1 affected packages

axis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis
Show less packages

CVE-2012-5784

Low priority
Ignored

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server...

1 affected packages

axis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis Not affected
Show less packages

CVE-2010-1632

Medium priority
Ignored

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE,...

1 affected packages

axis2c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis2c
Show less packages

CVE-2010-2103

Low priority
Ignored

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and...

1 affected packages

axis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis
Show less packages

CVE-2007-2353

Unknown priority
Ignored

Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.

1 affected packages

axis

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
axis
Show less packages