Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-2076

Опубликовано: 19 авг. 2010
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Средний

Описание

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
Версия от 2.0.6 (включая) до 2.0.13 (исключая)
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
Версия от 2.1 (включая) до 2.1.10 (исключая)
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
Версия от 2.2.0 (включая) до 2.2.9 (исключая)

EPSS

Процентиль: 94%
0.11954
Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-829

Связанные уязвимости

redhat логотип

CVE-2010-2076

redhat
больше 15 лет назад

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

github логотип

GHSA-v8q2-94f6-6xq2

github
больше 3 лет назад

Improper Input Validation in Apache CXF

EPSS

Процентиль: 94%
0.11954
Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-829