CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

Published: May 1, 2019
Updated: Nov 8, 2023
CVE: CVE-2019-0227
GHSA: GHSA-h9gj-rqrw-x4fq
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.4
AV:A/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
apache / axis	1.4	1.4.x
oracle / flexcube_private_banking	12.1.0	12.1.0.x
oracle / primavera_unifier	16.2	16.2.x
oracle / peoplesoft_enterprise_human_capital_management_human_resources	9.2	9.2.x
oracle / retail_xstore_point_of_service	7.1	7.1.x
oracle / enterprise_manager_base_platform	12.1.0.5	12.1.0.5.x
oracle / flexcube_private_banking	12.0.0	12.0.0.x
oracle / primavera_unifier	16.1	16.1.x
oracle / peoplesoft_enterprise_peopletools	8.56	8.56.x
oracle / hospitality_guest_access	4.2.0	4.2.0.x
oracle / hospitality_guest_access	4.2.1	4.2.1.x
oracle / tuxedo	12.1.3	12.1.3.x
oracle / internet_directory	12.2.1.3.0	12.2.1.3.0.x
oracle / webcenter_portal	12.2.1.3.0	12.2.1.3.0.x
oracle / communications_order_and_service_management	7.3.0.0.0	7.3.0.0.0.x
oracle / flexcube_core_banking	11.7.0	11.7.0.x
oracle / peoplesoft_enterprise_peopletools	8.57	8.57.x
oracle / application_testing_suite	13.2.0.1	13.2.0.1.x
oracle / application_testing_suite	13.3.0.1	13.3.0.1.x
oracle / secure_global_desktop	5.4	5.4.x
oracle / retail_order_broker	15.0	15.0.x
oracle / retail_order_broker	16.0	16.0.x
oracle / primavera_unifier	18.8	18.8.x
oracle / enterprise_manager_for_fusion_middleware	12.1.0.5	12.1.0.5.x
oracle / policy_automation_connector_for_siebel	10.4.6	10.4.6.x
oracle / primavera_unifier	17.7	17.12.x
oracle / financial_services_analytical_applications_infrastructure	7.3.3	7.3.5.x
oracle / endeca_information_discovery_studio	3.2.0	3.2.0.x
oracle / instantis_enterprisetrack	17.1	17.1.x
oracle / instantis_enterprisetrack	17.2	17.2.x
oracle / instantis_enterprisetrack	17.3	17.3.x
oracle / tuxedo	12.1.1.0.0	12.1.1.0.0.x
oracle / enterprise_manager_base_platform	13.3.0.0	13.3.0.0.x
oracle / knowledge	8.6.0	8.6.3.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / primavera_unifier	19.12	19.12.x
oracle / secure_global_desktop	5.5	5.5.x
oracle / rapid_planning	12.1	12.1.x
oracle / rapid_planning	12.2	12.2.x
oracle / communications_element_manager	8.2.0	8.2.0.x
oracle / communications_element_manager	8.1.1	8.1.1.x
oracle / communications_element_manager	8.1.0	8.1.0.x
oracle / communications_element_manager	8.0.0	8.0.0.x
oracle / agile_engineering_data_management	6.2.1.0	6.2.1.0.x
oracle / communications_session_report_manager	8.1.1	8.1.1.x
oracle / communications_session_report_manager	8.2.0	8.2.0.x
oracle / communications_session_route_manager	8.1.1	8.1.1.x
oracle / communications_session_route_manager	8.2.0	8.2.0.x
oracle / primavera_gateway	16.2.11	16.2.11.x
oracle / primavera_gateway	17.12.6	17.12.6.x
oracle / communications_session_route_manager	8.0.0	8.0.0.x
oracle / communications_session_route_manager	8.1.0	8.1.0.x
oracle / communications_session_report_manager	8.0.0	8.0.0.x
oracle / communications_session_report_manager	8.1.0	8.1.0.x
oracle / communications_asap_cartridges	7.2	7.2.x
oracle / communications_asap_cartridges	7.3	7.3.x
oracle / financial_services_compliance_regulatory_reporting	8.0.6	8.0.8.x
oracle / communications_order_and_service_management	7.4	7.4.x
oracle / communications_network_integrity	7.3.5	7.3.5.x
oracle / communications_network_integrity	7.3.6	7.3.6.x
oracle / real-time_decision_server	3.2.1.0	3.2.1.0.x
oracle / retail_order_broker	18.0	18.0.x
oracle / big_data_discovery	1.6	1.6.x
oracle / communications_design_studio	7.4.1.1.0	7.4.1.1.0.x
oracle / communications_design_studio	7.3.4.3.0	7.3.4.3.0.x
oracle / communications_design_studio	7.3.5.5.0	7.3.5.5.0.x
oracle / financial_services_analytical_applications_infrastructure	8.0.0	8.0.8.x
oracle / financial_services_funds_transfer_pricing	8.0.2	8.0.7.x
oracle / communications_design_studio	7.4.0.4.0	7.4.0.4.0.x
oracle / peoplesoft_enterprise_human_capital_management_human_resources	7.3.5	7.3.5.x
oracle / peoplesoft_enterprise_human_capital_management_human_resources	7.3.6	7.3.6.x
oracle / flexcube_core_banking	11.8.0	11.8.0.x
oracle / flexcube_core_banking	11.10.0	11.10.0.x
oracle / siebel_ui_framework	-	21.0.x
oracle / flexcube_core_banking	11.9.0	11.9.0.x
oracle / internet_directory	12.2.1.4.0	12.2.1.4.0.x
org.apache.axis / axis	-	1.4.x
oracle / agile_product_lifecycle_management	9.3.3	9.3.3.x

Vulnerability Database

289,599

CVE-2019-0227