org.apache.axis:axis@1.4 vulnerabilities
latest version
1.4
first published
19 years ago
latest version published
19 years ago
licenses detected
- [1.4,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the org.apache.axis:axis package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
org.apache.axis:axis is a implementation of the SOAP ("Simple Object Access Protocol") submission to W3C. Affected versions of this package are vulnerable to Remote Code Execution. due to an expired hard coded domain used in a default example service as part of the default install. How to fix Remote Code Execution? There is no fixed version for | [0,) |
Apache Axis is an open-source, XML based Web service framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks due to not escaping namespace URIs. How to fix Cross-site Scripting (XSS)? A fix has been merged to the master branch but not yet published. | [0,1.4] |
org.apache.axis:axis is an implementation of the SOAP ("Simple Object Access Protocol") submission to W3C. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). It does not verify the requesting server's hostname agains existing domain names in the SSL Certificate. How to fix Man-in-the-Middle (MitM)? There is no fixed version for | [0,) |
org.apache.axis:axis is an implementation of the SOAP ("Simple Object Access Protocol") submission to W3C. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). It does not verify the requesting server's hostname against existing domain names in the SSL Certificate. How to fix Man-in-the-Middle (MitM)? There is no fixed version for | [0,) |