Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html - Vendor Advisory | |
References | () http://geronimo.apache.org/21x-security-report.html - Release Notes, Vendor Advisory | |
References | () http://geronimo.apache.org/22x-security-report.html - Release Notes, Vendor Advisory | |
References | () http://secunia.com/advisories/40969 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/41016 - Broken Link, Vendor Advisory | |
References | () http://secunia.com/advisories/41025 - Broken Link, Vendor Advisory | |
References | () http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf - Exploit, Vendor Advisory | |
References | () http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html - Broken Link | |
References | () http://www.securityfocus.com/bid/42492 - Broken Link, Third Party Advisory, VDB Entry | |
References | () https://issues.apache.org/jira/browse/GERONIMO-5383 - Third Party Advisory | |
References | () https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | () https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | () https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | () https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | () https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | () https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch |
15 Feb 2024, 20:22
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf - Exploit, Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | (SECUNIA) http://secunia.com/advisories/41016 - Broken Link, Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | (CONFIRM) http://geronimo.apache.org/21x-security-report.html - Release Notes, Vendor Advisory | |
References | (MLIST) http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html - Broken Link | |
References | (CONFIRM) http://geronimo.apache.org/22x-security-report.html - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://issues.apache.org/jira/browse/GERONIMO-5383 - Third Party Advisory | |
References | (MISC) https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | (MISC) https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | (MISC) https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | (SECUNIA) http://secunia.com/advisories/40969 - Broken Link, Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E - Mailing List, Patch | |
References | (CONFIRM) http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html - Vendor Advisory | |
References | (SECUNIA) http://secunia.com/advisories/41025 - Broken Link, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/42492 - Broken Link, Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:apache:cxf:2.1.7:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1.8:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.12:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.6:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.2:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.2.4:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0:m1:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0:rc:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1.9:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1.6:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.2.7:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.7:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.2.8:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.9:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.11:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.2.6:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.5:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.10:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:2.0.8:*:*:*:*:*:*:* |
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-829 |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html - URL Repurposed |
Information
Published : 2010-08-19 18:00
Updated : 2024-11-21 01:15
NVD link : CVE-2010-2076
Mitre link : CVE-2010-2076
CVE.ORG link : CVE-2010-2076
JSON object : View
Products Affected
apache
- cxf
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere