CVE - CVE-2010-1632

CVE-ID
CVE-2010-1632	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:PM14765 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765 AIXAPAR:PM14844 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844 AIXAPAR:PM14847 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847 CONFIRM:http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html CONFIRM:http://geronimo.apache.org/21x-security-report.html CONFIRM:http://geronimo.apache.org/22x-security-report.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21433581 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984 CONFIRM:https://issues.apache.org/jira/browse/AXIS2-4450 CONFIRM:https://issues.apache.org/jira/browse/GERONIMO-5383 CONFIRM:https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf MISC:http://markmail.org/message/e4yiij7lfexastvl SECTRACK:1036901 URL:http://www.securitytracker.com/id/1036901 SECUNIA:40252 URL:http://secunia.com/advisories/40252 SECUNIA:40279 URL:http://secunia.com/advisories/40279 SECUNIA:41016 URL:http://secunia.com/advisories/41016 SECUNIA:41025 URL:http://secunia.com/advisories/41025 VUPEN:ADV-2010-1528 URL:http://www.vupen.com/english/advisories/2010/1528 VUPEN:ADV-2010-1531 URL:http://www.vupen.com/english/advisories/2010/1531
Assigning CNA
Red Hat, Inc.
Date Entry Created
20100429	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100429)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select “Other” from dropdown)