**Apache · Apache Axis · CVE-2023-40743**
**Name of the Vulnerable Software and Affected Versions**
Apache Axis versions prior to 1.4
**Description**
The issue arises from insufficient input validation in the Apache Axis web service platform: when a service is looked up through `ServiceFactory.getService`, potentially dangerous lookup mechanisms such as LDAP are available. If untrusted input reaches this API method, the application may be exposed to Denial of Service (DoS), Server-Side Request Forgery (SSRF), and even attacks leading to Remote Code Execution (RCE).
**Recommendations**
As a temporary workaround, review your code to verify that no untrusted or unsanitized input is passed to `ServiceFactory.getService`.
Migrate to a different SOAP engine, such as Apache Axis2/Java, to fully resolve the issue.
Apply the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 as an alternative workaround.
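The code-review workaround above amounts to a trust boundary in front of `ServiceFactory.getService`. The guard below is an added example written for this page (not Axis project code): it assumes the application keeps a fixed allowlist of environment keys and that Axis resolves the lookup through JNDI, so it refuses `java.naming.*` configuration keys and any value carrying a remote naming URL; the key names and sample values are placeholders.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Pre-check for the environment map an application hands to Axis 1.x ServiceFactory.getService. */
public final class ServiceLookupGuard {

    // URL schemes that make a JNDI InitialContext contact a remote naming service.
    private static final Set<String> REMOTE_SCHEMES = Set.of(
            "ldap:", "ldaps:", "rmi:", "iiop:", "iiopname:", "corbaname:", "dns:");

    /**
     * Returns a read-only copy of {@code input} when every key is on the application's
     * allowlist and no value names a remote lookup; throws on the first offending entry.
     */
    public static Map<String, String> sanitize(Map<String, String> input, Set<String> allowedKeys) {
        Map<String, String> clean = new HashMap<>();
        for (Map.Entry<String, String> e : input.entrySet()) {
            String key = e.getKey();
            String value = e.getValue() == null ? "" : e.getValue();
            // java.naming.* entries (provider URL, context factory, ...) steer the JNDI lookup itself,
            // so they are refused even before the allowlist is consulted.
            if (key.startsWith("java.naming.") || !allowedKeys.contains(key)) {
                throw new IllegalArgumentException("environment key not permitted: " + key);
            }
            String lower = value.trim().toLowerCase(Locale.ROOT);
            for (String scheme : REMOTE_SCHEMES) {
                // Deliberately conservative: the scheme anywhere in the value is enough to refuse it.
                if (lower.contains(scheme)) {
                    throw new IllegalArgumentException("remote lookup not permitted in key: " + key);
                }
            }
            clean.put(key, value);
        }
        return Collections.unmodifiableMap(clean);
    }

    public static void main(String[] args) {
        // Allowlist, keys and values below are constructed placeholders for this example.
        Set<String> allowed = Set.of("service.name", "wsdl.location");
        System.out.println("accepted: " + sanitize(Map.of("wsdl.location", "file:/opt/app/wsdl/Stock.wsdl"), allowed));
        String[][] bad = {
            {"java.naming.provider.url", "ldap://example.invalid/"},   // JNDI configuration key
            {"wsdl.location", "ldap://example.invalid/cn=svc"},        // remote scheme inside a value
            {"jndiName", "svc"},                                       // key not on the allowlist
        };
        for (String[] kv : bad) {
            try { sanitize(Map.of(kv[0], kv[1]), allowed); }
            catch (IllegalArgumentException ex) { System.out.println("rejected: " + ex.getMessage()); }
        }
    }
}
```

Only the map returned by `sanitize` should ever be passed on to `ServiceFactory.getService`; a rejection is worth logging as a security event, since it means request data was about to steer a service lookup.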