CVE-2019-0227

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-0227
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0227.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-0227
Aliases
Published
2019-05-01T21:29:00Z
Modified
2024-06-30T13:09:22.875333Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

References

Affected packages

Debian:11 / axis

Package

Name
axis
Purl
pkg:deb/debian/axis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4-28
1.4-28+deb11u1
1.4-29

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / axis

Package

Name
axis
Purl
pkg:deb/debian/axis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4-28
1.4-28+deb12u1
1.4-29

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / axis

Package

Name
axis
Purl
pkg:deb/debian/axis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4-28
1.4-29

Ecosystem specific

{
    "urgency": "unimportant"
}