
Apache Axis <= 1.4 Multiple Vulnerabilities (CVE-2012-5784, CVE-2014-3596, CVE-2018-8032, CVE-2019-0227, CVE-2023-40743)

Severity
CVSSv3 Score
9.8
Vulnerability description

Apache Axis is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2012-5784: SSL certificate validation security bypass
- CVE-2014-3596: Insecure certificate validation
- CVE-2018-8032: Cross-site scripting (XSS) in the default servlet/services
- CVE-2019-0227: Server-side request forgery (SSRF)
- CVE-2023-40743: Remote code execution (RCE)

Recommendation

No solution was made available by the vendor. General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.

Notes:

- Axis 1 is EOL and the vendor recommends migrating to a different SOAP engine, such as Apache Axis2/Java
- Version 1.4 was released on April 22, 2006, and some of the flaws have been fixed only in the SVN repository, which could be used to mitigate these flaws
- The Apache Axis project does not expect to create an Axis 1.x release fixing these flaws
- If the remote installation has been built from the SVN sources or is covered via backports of a Linux distribution, please create an override for this result

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Nov 4, 2012
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available