PT-2024-14125 · Apache · Apache Axis

Bing

Published 2024-01-06 · Updated 2024-08-02

CVE-2023-51441

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Axis versions through 1.3

Description: The issue is an Improper Input Validation vulnerability in Apache Axis that allows users with access to the admin service to perform a possible Server-Side Request Forgery (SSRF). This could lead to unauthorized access to internal resources. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.

Recommendations: As a temporary workaround, consider migrating to a different SOAP engine, such as Apache Axis2/Java. Alternatively, use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. Note that the Apache Axis project does not expect to create an Axis 1.x release fixing this problem.

Tags: Fix · RCE · SSRF

Weakness Enumeration

Related Identifiers

CVE-2023-51441
GHSA-HR2C-P8RH-238H
OPENSUSE-SU-2024:13659-1
OPENSUSE-SU-2024_0852-1
SUSE-SU-2024:0851-1
SUSE-SU-2024:0852-1
SUSE-SU-2024_0851-1
SUSE-SU-2024_0852-1

Affected Products

Apache Axis
Debian
Suse