Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) `org.apache.axis2:axis2` is a Web Services / SOAP / WSDL engine, the successor to Apache Axis SOAP stack. Affected versions of this package are vulnerable to Cross-Site Scripting (XSS) attacks. How to fix Cross-site Scripting (XSS)? Upgrade `axis2` to version 1.7.4 or higher.	[,1.7.4)
M Session Fixation org.apache.axis2:axis2 is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack. Affected versions of this package are vulnerable to Session Fixation in the administrative interface at the path `/axis2/axis2-admin`. Attacker can exploit this flaw by doing a Cross-Site Scripting (XSS) attack and get his Session cookie and perform session hijacking attack. How to fix Session Fixation? Upgrade `org.apache.axis2:axis2` to version 1.7.4 or higher.	[,1.7.4)
M Improper Certificate Validation org.apache.axis2:axis2 is a malicious package. It does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. How to fix Improper Certificate Validation? Upgrade `org.apache.axis2:axis2` to version 1.8.0 or higher.	[,1.8.0)

Go back to all versions of this package