Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. References: https://issues.apache.org/jira/browse/AXIS-2924 http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E
Created axis tracking bugs for this issue: Affects: fedora-27 [bug 1611836]
Upstream commit: http://svn.apache.org/viewvc?view=revision&revision=1831943