org.apache.axis2:axis2
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.axis2:axis2page 1 of 1
- CVE-2012-4418NONECVSS 0.0EG 0.0✓ Fixed in 1.7.92012-10-09
vulnerable: 1.1 ... 1.7.8 (27 versions)
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
- CVE-2012-5351NONECVSS 0.0EG 0.0✓ Fixed in 1.6.42012-10-09
vulnerable: 1.1 ... 1.6.3 (17 versions)
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
- CVE-2012-5785NONECVSS 0.0EG 0.0✓ Fixed in 1.8.02012-11-04
vulnerable: 1.1 ... 1.7.9 (28 versions)
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL se…
Check whether org.apache.axis2:axis2 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.axis2:axis2 CVEs against the assets you own.
Start Free Scan →