Vulnerabilites related to apache - tuscany
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A553A6E7-64AA-41F2-9B92-4EC715C617B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6289CCB4-9A13-4BB5-B44E-7CA936DD8421",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "833256BB-E2A6-4FE9-BE4F-982578023E43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67517877-5475-4CDA-A634-4CDE447D41D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:orchestration_director_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD46A81-A6D2-4754-A605-B404CF458BA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:synapse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12E8E133-63B2-4B89-BCE9-2BE9DDB010EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tuscany:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1D6C8-B442-4DD2-8988-4DC7A7FDC7AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."
},
{
"lang": "es",
"value": "Apache Axis2 en versiones anteriores a la 1.5.2, tal como se usa en IBM WebSphere Application Server (WAS) 7.0 a 7.0.0.12, IBM Feature Pack para Web Services 6.1.0.9 a 6.1.0.32, IBM Feature Pack para Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo y otros productos, no rechaza de manera apropiada DTDs en mensajes SOAP, lo que permite a atacantes remotos leer ficheros de su elecci\u00f3n, enviar peticiones HTTP a servidores de la intranet o provocar una denegaci\u00f3n de servicio (consumo de memoria y de CPU) mediante un DTD manipulado, como se ha demostrado por una declaraci\u00f3n de entidad en una petici\u00f3n a Synapse SimpleStockQuoteService."
}
],
"id": "CVE-2010-1632",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-22T20:30:01.493",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"source": "secalert@redhat.com",
"url": "http://geronimo.apache.org/21x-security-report.html"
},
{
"source": "secalert@redhat.com",
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"source": "secalert@redhat.com",
"url": "http://markmail.org/message/e4yiij7lfexastvl"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40252"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40279"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41016"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41025"
},
{
"source": "secalert@redhat.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"
},
{
"source": "secalert@redhat.com",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"
},
{
"source": "secalert@redhat.com",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"
},
{
"source": "secalert@redhat.com",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1036901"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1528"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1531"
},
{
"source": "secalert@redhat.com",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/AXIS2-4450"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"source": "secalert@redhat.com",
"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://geronimo.apache.org/21x-security-report.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://markmail.org/message/e4yiij7lfexastvl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/AXIS2-4450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-1632 (GCVE-0-2010-1632)
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://markmail.org/message/e4yiij7lfexastvl"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"name": "PM14844",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"
},
{
"name": "ADV-2010-1528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1528"
},
{
"name": "PM14765",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"
},
{
"name": "ADV-2010-1531",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1531"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"
},
{
"name": "PM14847",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"
},
{
"name": "41025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41025"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"name": "1036901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/AXIS2-4450"
},
{
"name": "41016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"
},
{
"name": "40279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"name": "40252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geronimo.apache.org/21x-security-report.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://markmail.org/message/e4yiij7lfexastvl"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"name": "PM14844",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"
},
{
"name": "ADV-2010-1528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1528"
},
{
"name": "PM14765",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"
},
{
"name": "ADV-2010-1531",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1531"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"
},
{
"name": "PM14847",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"
},
{
"name": "41025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41025"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"name": "1036901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/AXIS2-4450"
},
{
"name": "41016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"
},
{
"name": "40279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"name": "40252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geronimo.apache.org/21x-security-report.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1632",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-04-29T00:00:00",
"dateUpdated": "2024-08-07T01:28:41.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}