Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Axis 1.x (EOL) may allow SSRF when untrusted input is passed to the service admin HTTP API
Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Apache Axis 输入验证错误漏洞
Vulnerability Description
Apache Axis是美国阿帕奇(Apache)基金会的一个开源、基于XML的Web服务架构。该产品包含了Java和C++语言实现的SOAP服务器,以及各种公用服务及API,以生成和部署Web服务应用。 Apache Axis 1.3及之前版本存在输入验证错误漏洞,该漏洞源于存在不正确输入验证,允许有权访问管理服务的用户执行可能的服务器端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A