CVE-2019-0227
high-risk
Published 2019-05-01
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; the latest version is 1.7.9 and is not vulnerable to this issue.
Do I need to act?
89.8% chance of exploitation in next 30 days
EPSS score — higher than 10% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10
High
ADJACENT_NETWORK / HIGH complexity
Affected Products (20)
Axis
Communications Design Studio
Communications Design Studio
Communications Design Studio
Communications Design Studio
Communications Order And Service Management
Communications Order And Service Management
References (26)
and 6 more references
68 / 100
high-risk
Severity
20/34 · Moderate
Exploitability
20/34 · Moderate
Exposure
28/34 · Critical