PT-2019-3928 · Apache+1 · Apache Axis2+2

Published: 2019-01-15 · Updated: 2024-06-21

CVE-2019-0227

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache Axis version 1.4

Description

The issue is related to insufficient validation of incoming requests, which can allow a remote attacker to perform a Server Side Request Forgery (SSRF) attack. The vulnerability affects the Apache Axis 1.4 distribution, which was last released in 2006.

Recommendations

For Apache Axis version 1.4, legacy users are encouraged to build from source to address the issue. As a temporary workaround, consider restricting access to vulnerable API endpoints until a patch is available. Note that the successor to Axis 1.x, Axis2, with its latest version 1.7.9, is not vulnerable to this issue. At the moment, there is no information about a newer version of Apache Axis 1.4 that contains a fix for this vulnerability.

Exploit

Fix

SSRF


Weakness Enumeration

Related Identifiers

BDU:2019-04406
CVE-2019-0227
GHSA-H9GJ-RQRW-X4FQ

Affected Products

Apache Axis
Apache Axis2
Debian