Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-1632

Опубликовано: 22 июн. 2010
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
Версия до 1.5.1 (включая)
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
Версия до 1.5.1 (включая)
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
Версия до 1.5.1 (включая)
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:orchestration_director_engine:*:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
Версия до 1.5.1 (включая)
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:synapse:*:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

Одно из

cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
Версия до 1.5.1 (включая)
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tuscany:*:*:*:*:*:*:*:*

EPSS

Процентиль: 92%
0.08542
Низкий

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2010-1632

ubuntu
около 15 лет назад

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

redhat логотип

CVE-2010-1632

redhat
около 16 лет назад

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

debian логотип

CVE-2010-1632

debian
около 15 лет назад

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...

github логотип

GHSA-23vv-v25h-qwqw

github
около 3 лет назад

Improper Input Validation in Apache Axis2

EPSS

Процентиль: 92%
0.08542
Низкий

7.5 High

CVSS2

Дефекты

CWE-20