CVE-2019-0227 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-0227 PUBLISHED

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.

EPSS 90.01% · 99.6th percentile

Risk Scores

EPSS Score

90.01%

99.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:24.04:LTS	axis	0, 1.4-28, 1.4-29
Ubuntu:Pro:16.04:LTS	axis	1.4-24, 0, 1.4-24ubuntu0.1~esm1
Ubuntu:22.04:LTS	axis	1.4-28+deb10u1build0.22.04.1, 0, 1.4-28
Ubuntu:Pro:18.04:LTS	axis	0, 1.4-25ubuntu0.1~esm1, 1.4-25
Ubuntu:25.10	axis	1.4-29, 0
Ubuntu:20.04:LTS	axis	1.4-28, 0, 1.4-28+deb10u1build0.20.04.1

Timeline

Apr 9, 2019 PoC Published
May 1, 2019 CVE Published
Apr 14, 2021 EPSS Score
Sep 29, 2021 EPSS Score
Oct 21, 2021 EPSS Score
Apr 20, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 22, 2024 EPSS Score
May 12, 2024 EPSS Score
May 29, 2024 EPSS Score
Jun 22, 2024 EPSS Score
Aug 9, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2019-0227 third-party-advisory
https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/ third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2019-0227 third-party-advisory

Open in Interactive Console →