Org.apache.axis:axis
This hub aggregates every CVE we track for Org.apache.axis:axis, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
1
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM3HIGH2CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Org.apache.axis:axis.
- CVE-2023-51441Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API7.2
- CVE-2023-40743Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService9.8
- CVE-2019-0227A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subve...7.5
- CVE-2018-8032Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.6.1
- CVE-2014-3596The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 cert...5.8
- CVE-2012-5784Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, ...5.8
Product normalization is registry-driven with AI assist and human review. How it works