CVE-2023-40743

Published: 5 September 2023

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.

Priority

Cvss 3 Severity Score

9.8

Score breakdown

Status

Package	Release	Status
axis Launchpad, Ubuntu, Debian	bionic	Released (1.4-25ubuntu0.1~esm1) Available with Ubuntu Pro
	focal	Released (1.4-28+deb10u1build0.20.04.1)
	jammy	Released (1.4-28+deb10u1build0.22.04.1)
	lunar	Released (1.4-28+deb10u1build0.23.04.1)
	mantic	Released (1.4-28+deb10u1build0.23.10.1)
	trusty	Ignored (end of standard support)
	upstream	Needs triage
	xenial	Released (1.4-24ubuntu0.1~esm1) Available with Ubuntu Pro

Severity score breakdown

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051288

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›