Package | axis |
---|---|
Version | 1.4-21+deb8u1 (jessie) |
Related CVEs | CVE-2018-8032 CVE-2023-40743 |
Two vulnerabilities were discovered in Apache Axis, an XML-based web service framework for Java.
CVE-2018-8032: Fix a cross-site scripting (XSS) attack in the default servlet/services. (#905328)
CVE-2023-40743: Fix an issue in ServiceFactory.getService that allowed potentially dangerous lookup mechanisms. When passing untrusted input to this API method, this could have exposed the application to DoS, SSRF and even attacks leading to remote code execution. (#1051288)
For Debian 8 jessie, these problems have been fixed in version 1.4-21+deb8u1.
We recommend that you upgrade your axis packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.