CVE-2010-1632

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
References
Link Resource
http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
http://geronimo.apache.org/21x-security-report.html
http://geronimo.apache.org/22x-security-report.html
http://markmail.org/message/e4yiij7lfexastvl
http://secunia.com/advisories/40252 Vendor Advisory
http://secunia.com/advisories/40279 Vendor Advisory
http://secunia.com/advisories/41016
http://secunia.com/advisories/41025
http://www-01.ibm.com/support/docview.wss?uid=swg21433581
http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765
http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844
http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847
http://www.securitytracker.com/id/1036901
http://www.vupen.com/english/advisories/2010/1528 Vendor Advisory
http://www.vupen.com/english/advisories/2010/1531 Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984
https://issues.apache.org/jira/browse/AXIS2-4450
https://issues.apache.org/jira/browse/GERONIMO-5383
https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
http://geronimo.apache.org/21x-security-report.html
http://geronimo.apache.org/22x-security-report.html
http://markmail.org/message/e4yiij7lfexastvl
http://secunia.com/advisories/40252 Vendor Advisory
http://secunia.com/advisories/40279 Vendor Advisory
http://secunia.com/advisories/41016
http://secunia.com/advisories/41025
http://www-01.ibm.com/support/docview.wss?uid=swg21433581
http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765
http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844
http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847
http://www.securitytracker.com/id/1036901
http://www.vupen.com/english/advisories/2010/1528 Vendor Advisory
http://www.vupen.com/english/advisories/2010/1531 Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984
https://issues.apache.org/jira/browse/AXIS2-4450
https://issues.apache.org/jira/browse/GERONIMO-5383
https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*
OR cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:orchestration_director_engine:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:synapse:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tuscany:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:14

Type Values Removed Values Added
References () http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html - () http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html -
References () http://geronimo.apache.org/21x-security-report.html - () http://geronimo.apache.org/21x-security-report.html -
References () http://geronimo.apache.org/22x-security-report.html - () http://geronimo.apache.org/22x-security-report.html -
References () http://markmail.org/message/e4yiij7lfexastvl - () http://markmail.org/message/e4yiij7lfexastvl -
References () http://secunia.com/advisories/40252 - Vendor Advisory () http://secunia.com/advisories/40252 - Vendor Advisory
References () http://secunia.com/advisories/40279 - Vendor Advisory () http://secunia.com/advisories/40279 - Vendor Advisory
References () http://secunia.com/advisories/41016 - () http://secunia.com/advisories/41016 -
References () http://secunia.com/advisories/41025 - () http://secunia.com/advisories/41025 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21433581 - () http://www-01.ibm.com/support/docview.wss?uid=swg21433581 -
References () http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765 - () http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765 -
References () http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844 - () http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844 -
References () http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847 - () http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847 -
References () http://www.securitytracker.com/id/1036901 - () http://www.securitytracker.com/id/1036901 -
References () http://www.vupen.com/english/advisories/2010/1528 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/1528 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/1531 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/1531 - Vendor Advisory
References () https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984 - () https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984 -
References () https://issues.apache.org/jira/browse/AXIS2-4450 - () https://issues.apache.org/jira/browse/AXIS2-4450 -
References () https://issues.apache.org/jira/browse/GERONIMO-5383 - () https://issues.apache.org/jira/browse/GERONIMO-5383 -
References () https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf - () https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf -

Information

Published : 2010-06-22 20:30

Updated : 2024-11-21 01:14


NVD link : CVE-2010-1632

Mitre link : CVE-2010-1632

CVE.ORG link : CVE-2010-1632


JSON object : View

Products Affected

ibm

  • websphere_application_server

apache

  • geronimo
  • orchestration_director_engine
  • tuscany
  • synapse
  • axis2
CWE
CWE-20

Improper Input Validation