CVE-2010-1632

critical

Description

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

References

https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf

https://issues.apache.org/jira/browse/GERONIMO-5383

https://issues.apache.org/jira/browse/AXIS2-4450

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984

http://www.vupen.com/english/advisories/2010/1531

http://www.vupen.com/english/advisories/2010/1528

http://www.securitytracker.com/id/1036901

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765

http://www-01.ibm.com/support/docview.wss?uid=swg21433581

http://secunia.com/advisories/41025

http://secunia.com/advisories/41016

http://secunia.com/advisories/40279

http://secunia.com/advisories/40252

http://markmail.org/message/e4yiij7lfexastvl

http://geronimo.apache.org/22x-security-report.html

http://geronimo.apache.org/21x-security-report.html

http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html

Details

Source: Mitre, NVD

Published: 2010-06-22

Updated: 2017-07-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical