[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-51441/axis

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75722474 by Salvatore Bonaccorso at 2024-01-06T20:53:05+01:00
Add CVE-2023-51441/axis

- - - - -
a4ef4d5f by Salvatore Bonaccorso at 2024-01-06T20:53:52+01:00
Mark CVE-2023-51441/axis as no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20633,6 +20633,12 @@ CVE-2023-31242 (An authentication bypass vulnerability exists in the OAS Engine
 	NOT-FOR-US: OAS Engine
 CVE-2023-2453 (There is insufficient sanitization of tainted file names that are dire ...)
 	NOT-FOR-US: PHP-Fusion
+CVE-2023-51441 [SSRF when untrusted input is passed to the service admin HTTP API]
+	- axis <unfixed>
+	[bookworm] - axis <no-dsa> (Minor issue)
+	[bullseye] - axis <no-dsa> (Minor issue)
+	NOTE: https://www.openwall.com/lists/oss-security/2024/01/05/2
+	NOTE: Fixed by: https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06
 CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...)
 	{DLA-3622-1}
 	- axis 1.4-29 (bug #1051288)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9be1582f222e70dcacee434e36cbf51b757e69d8...a4ef4d5f6d73afa61e4d2830509483c2e64cb5e5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9be1582f222e70dcacee434e36cbf51b757e69d8...a4ef4d5f6d73afa61e4d2830509483c2e64cb5e5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240106/ee490619/attachment.htm>