Remote Code Execution

Affecting org.apache.axis:axis-rt-core artifact, versions [,1.4.1)

Overview

org.apache.axis:axis-rt-core is a reliable and stable base on which to implement Java Web services.

Affected versions of this package are vulnerable to Remote Code Execution due to an expired hard-coded domain that was used in a default example service included in the default install.

Remediation

Upgrade org.apache.axis:axis-rt-core to version 1.4.1 or higher.

CVSS Score

8.2 (high severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: None

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N/E:F/RL:O/RC:C

  • Credit: Rhino Security Labs
  • CVE: CVE-2019-0227
  • CWE: CWE-547
  • Snyk ID: SNYK-JAVA-ORGAPACHEAXIS-174173
  • Disclosed: 09 Apr, 2019
  • Published: 14 Apr, 2019