CVE-2019-0227
Published May 1, 2019
Last updated 5 months ago
Overview
- Description
- A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
- Source
- security@apache.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.4
- Impact score
- 6.4
- Exploitability score
- 5.5
- Vector string
- AV:A/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-918
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23200FEC-5AD3-42A1-9161-1F8BBBA11E38"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64"
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8454A130-2E9B-4528-A24D-1B3D0FFCC860"
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B"
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"
},
{
"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E"
},
{
"criteria": "cpe:2.3:a:oracle:communications_asap_cartridges:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4CE3535-FC9D-4FB2-8739-19E7477B07FF"
},
{
"criteria": "cpe:2.3:a:oracle:communications_asap_cartridges:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58A06A98-0374-4B56-9045-D939F30BF479"
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "313F42E5-1BBB-4773-A153-B114C3FDF701"
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC75FE72-6C3F-428E-9C9A-60982455238B"
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B370B017-2E3B-438B-86B9-EEF70E3A5D3A"
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63C81E5E-3C53-4731-96C3-0F5767874B11"
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED5503EC-63B6-47EB-AE37-14DD317DDDD8"
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A99F85F8-F374-48B0-9534-BB9C07AFE76E"
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162"
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126"
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B"
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175"
},
{
"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB472856-38AB-4062-B752-E204B177DE72"
},
{
"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7"
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307"
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36E39918-B2D6-43F0-A607-8FD8BFF6F340"
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109"
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14480702-4398-4C28-82A6-E7329FB3B650"
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
"versionEndIncluding": "7.3.5",
"versionStartIncluding": "7.3.3"
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6E8C634-FC3E-418F-8D7D-B71E1A3E2DBE",
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_compliance_regulatory_reporting:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DDD1A52-5794-4837-847C-E5F073330774",
"versionEndIncluding": "8.0.8",
"versionStartIncluding": "8.0.6"
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "547D042E-51DE-430D-B4BA-F0698646BC80",
"versionEndIncluding": "8.0.7",
"versionStartIncluding": "8.0.2"
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87416B3B-3B2B-486B-B931-19199EF07000"
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1102B6BC-D99E-4AC0-9375-FB8517A4A71F"
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D22386C-FEC4-4984-8E2A-8FE4796BEFBE"
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B283B614-9E31-4148-8688-B0672B3A77B3"
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993"
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC"
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3"
},
{
"criteria": "cpe:2.3:a:oracle:internet_directory:12.2.1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68F2A706-3250-4026-9498-CB4B38B23CEC"
},
{
"criteria": "cpe:2.3:a:oracle:internet_directory:12.2.1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7360EC9B-814F-4FF5-AA9D-9E55A380B2C5"
},
{
"criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
"versionEndIncluding": "8.6.3",
"versionStartIncluding": "8.6.0"
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:7.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E4BF4AC-3470-490E-B8FB-E072743D074A"
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:7.3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD46F1BE-BDDC-43A5-87C5-BFB693673489"
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_human_resources:9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "344A3A9E-3113-4096-B9F8-CA0AD705242B"
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889"
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DFB9704-6B99-4113-8537-E4AE0F791B86"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F5647E5-B051-41A6-B186-3584C725908B"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3"
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B"
},
{
"criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD2288B1-FF5E-46BC-8551-4CC6B046A0D0"
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780"
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E"
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D"
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2"
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2B933E8-DBC4-4443-B837-BA8BAF8CC249"
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EAC9E8DC-5139-4420-9BD6-0B5F2FA3150E",
"versionEndIncluding": "21.0"
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92A6A7BA-CCE6-426F-8434-7A578A245180"
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBC28867-E828-4ABC-BE7B-3E5C2E826879"
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"
}
],
"operator": "OR"
}
]
}
]