Remote Code Execution Affecting org.apache.axis:axis-rt-core Open this link in a new tab package, versions [,1.4.1)
Do your applications use this vulnerable package?
14 Apr 2019
9 Apr 2019
Rhino Security Labs
How to fix?
org.apache.axis:axis-rt-core to version 1.4.1 or higher.
org.apache.axis:axis-rt-core is a reliable and stable base on which to implement Java Web services.
Affected versions of this package are vulnerable to Remote Code Execution due to an expired hard coded domain that was used in a default example service as part of the default install.