7.5
CVE-2019-0227
- EPSS 90.74%
- Published 01.05.2019 21:29:00
- Last modified 08.05.2025 18:13:51
- Source security@apache.org
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; the latest version is 1.7.9 and is not vulnerable to this issue.
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Agile Engineering Data Management Version 6.2.1.0
Oracle ≫ Agile Product Lifecycle Management Version 9.3.3
Oracle ≫ Application Testing Suite Version 13.2.0.1
Oracle ≫ Application Testing Suite Version 13.3.0.1
Oracle ≫ Big Data Discovery Version 1.6
Oracle ≫ Communications Asap Cartridges Version 7.2
Oracle ≫ Communications Asap Cartridges Version 7.3
Oracle ≫ Communications Design Studio Version 7.3.4.3.0
Oracle ≫ Communications Design Studio Version 7.3.5.5.0
Oracle ≫ Communications Design Studio Version 7.4.0.4.0
Oracle ≫ Communications Design Studio Version 7.4.1.1.0
Oracle ≫ Communications Element Manager Version 8.0.0
Oracle ≫ Communications Element Manager Version 8.1.0
Oracle ≫ Communications Element Manager Version 8.1.1
Oracle ≫ Communications Element Manager Version 8.2.0
Oracle ≫ Communications Network Integrity Version 7.3.5
Oracle ≫ Communications Network Integrity Version 7.3.6
Oracle ≫ Communications Order And Service Management Version 7.3.0.0.0
Oracle ≫ Communications Order And Service Management Version 7.4
Oracle ≫ Communications Session Report Manager Version 8.0.0
Oracle ≫ Communications Session Report Manager Version 8.1.0
Oracle ≫ Communications Session Report Manager Version 8.1.1
Oracle ≫ Communications Session Report Manager Version 8.2.0
Oracle ≫ Communications Session Route Manager Version 8.0.0
Oracle ≫ Communications Session Route Manager Version 8.1.0
Oracle ≫ Communications Session Route Manager Version 8.1.1
Oracle ≫ Communications Session Route Manager Version 8.2.0
Oracle ≫ Endeca Information Discovery Studio Version 3.2.0
Oracle ≫ Enterprise Manager Base Platform Version 12.1.0.5
Oracle ≫ Enterprise Manager Base Platform Version 13.3.0.0
Oracle ≫ Enterprise Manager For Fusion Middleware Version 12.1.0.5
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 7.3.3 <= 7.3.5
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.0 <= 8.0.8
Oracle ≫ Financial Services Compliance Regulatory Reporting Version >= 8.0.6 <= 8.0.8
Oracle ≫ Financial Services Funds Transfer Pricing Version >= 8.0.2 <= 8.0.7
Oracle ≫ Flexcube Core Banking Version 11.7.0
Oracle ≫ Flexcube Core Banking Version 11.8.0
Oracle ≫ Flexcube Core Banking Version 11.9.0
Oracle ≫ Flexcube Core Banking Version 11.10.0
Oracle ≫ Flexcube Private Banking Version 12.0.0
Oracle ≫ Flexcube Private Banking Version 12.1.0
Oracle ≫ Hospitality Guest Access Version 4.2.0
Oracle ≫ Hospitality Guest Access Version 4.2.1
Oracle ≫ Instantis Enterprisetrack Version 17.1
Oracle ≫ Instantis Enterprisetrack Version 17.2
Oracle ≫ Instantis Enterprisetrack Version 17.3
Oracle ≫ Internet Directory Version 12.2.1.3.0
Oracle ≫ Internet Directory Version 12.2.1.4.0
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.57
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.58
Oracle ≫ Policy Automation Connector For Siebel Version 10.4.6
Oracle ≫ Primavera Gateway Version 16.2.11
Oracle ≫ Primavera Gateway Version 17.12.6
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version 16.1
Oracle ≫ Primavera Unifier Version 16.2
Oracle ≫ Primavera Unifier Version 18.8
Oracle ≫ Primavera Unifier Version 19.12
Oracle ≫ Rapid Planning Version 12.1
Oracle ≫ Rapid Planning Version 12.2
Oracle ≫ Real-time Decision Server Version 3.2.1.0
Oracle ≫ Retail Order Broker Version 15.0
Oracle ≫ Retail Order Broker Version 16.0
Oracle ≫ Retail Order Broker Version 18.0
Oracle ≫ Retail Xstore Point Of Service Version 7.1
Oracle ≫ Secure Global Desktop Version 5.4
Oracle ≫ Secure Global Desktop Version 5.5
Oracle ≫ Siebel Ui Framework Version <= 21.0
Oracle ≫ Webcenter Portal Version 12.2.1.3.0
No CISA KEV or CERT.AT warning was found for this CVE.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 90.74% | 0.996 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 1.6 | 5.9 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 5.4 | 5.5 | 6.4 | AV:A/AC:M/Au:N/C:P/I:P/A:P |

CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.