{"id":"CVE-2023-51441","details":"** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF\nThis issue affects Apache Axis: through 1.3.\n\nAs Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from  https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06  applied. The Apache Axis project does not expect to create an Axis 1.x release \nfixing this problem, though contributors that would like to work towards\n this are welcome.\n\n","aliases":["GHSA-hr2c-p8rh-238h"],"modified":"2026-04-12T06:44:58.870277Z","published":"2024-01-06T12:15:42.997Z","related":["SUSE-SU-2024:0851-1","SUSE-SU-2024:0852-1","openSUSE-SU-2024:13659-1"],"references":[{"type":"FIX","url":"https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06"},{"type":"FIX","url":"https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/axis-axis1-java","events":[{"introduced":"0"},{"last_affected":"18eca4b9835f84f4208772e164c86669e47a8a03"},{"fixed":"685c309febc64aa393b2d64a05f90e7eb9f73e06"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3"}]}}],"versions":["1.3"],"database_specific":{"vanir_signatures_modified":"2026-04-12T06:44:58Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-51441.json","vanir_signatures":[{"digest":{"length":1076,"function_hash":"161160313230098078489763587029481210102"},"id":"CVE-2023-51441-5b7d340c","source":"https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06","deprecated":false,"target":{"function":"getService","file":"axis-rt-core/src/main/java/org/apache/axis/client/ServiceFactory.java"},"signature_type":"Function","signature_version":"v1"},{"digest":{"line_hashes":["26434549728962744336481821101478524324","216585420375829358243775026091412444872","146181473248716451035113682811798281950","201618453429055515631509454256710710217","248039331516895908668315728166914382666","37921761454406861802539796240313872899","240875880600203567366555604319701489762","313840964701241501718335840874855727223","139643275528754068793148914314370692638","312370538263353700415937499163480784001","47752315233520453246327495403743032907","12028879795223648933526132773869190459","313551125448531415526556704412024824408"],"threshold":0.9},"id":"CVE-2023-51441-a3368dc0","source":"https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06","deprecated":false,"target":{"file":"axis-rt-core/src/main/java/org/apache/axis/client/ServiceFactory.java"},"signature_type":"Line","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}