axis:axis@1.3 vulnerabilities

An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.

Direct Vulnerabilities

Known vulnerabilities in the axis:axis package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Remote Code Execution

axis:axis is a implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.

Affected versions of this package are vulnerable to Remote Code Execution. due to an expired hard coded domain used in a default example service as part of the default install.

How to fix Remote Code Execution?

There is no fixed version for axis:axis.

[0,)
  • M
Cross-site Scripting (XSS)

Apache Axis is an open-source, XML based Web service framework.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks due to not escaping namespace URIs.

How to fix Cross-site Scripting (XSS)?

A fix has been merged to the master branch but not yet published.

[0,)
  • M
Man-in-the-Middle (MitM)

axis:axis is an implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). It does not verify the requesting server's hostname agains existing domain names in the SSL Certificate.

How to fix Man-in-the-Middle (MitM)?

There is no fixed version for axis:axis.

[0,)
  • M
Man-in-the-Middle (MitM)

axis:axis is an implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). It does not verify the requesting server's hostname against existing domain names in the SSL Certificate.

How to fix Man-in-the-Middle (MitM)?

There is no fixed version for axis:axis.

[0,)