CVE-2019-0227

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-0227

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0227.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-0227

Aliases

GHSA-h9gj-rqrw-x4fq

Related

UBUNTU-CVE-2019-0227

Published

2019-05-01T21:29:00Z

Modified

2024-08-01T07:52:01.548491Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

References

Affected packages

Debian:11 / axis

Package

Name: axis
Purl: pkg:deb/debian/axis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4-28

1.4-28+deb11u1

1.4-29

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / axis

Package

Name: axis
Purl: pkg:deb/debian/axis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4-28

1.4-28+deb12u1

1.4-29

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / axis

Package

Name: axis
Purl: pkg:deb/debian/axis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4-28

1.4-29

Ecosystem specific

{
    "urgency": "unimportant"
}