Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.

N/A

服务端请求伪造(SSRF)

Apache Axis 输入验证错误漏洞

Apache Axis是美国阿帕奇（Apache）基金会的一个开源、基于XML的Web服务架构。该产品包含了Java和C++语言实现的SOAP服务器，以及各种公用服务及API，以生成和部署Web服务应用。 Apache Axis 1.3及之前版本存在输入验证错误漏洞，该漏洞源于存在不正确输入验证，允许有权访问管理服务的用户执行可能的服务器端请求伪造。

N/A

N/A