返回 CVE 瀏覽器

CVE-2010-1632

HIGH

7.5

CVSS Severity Score

EPSS Score0.0490%

EPSS Percentile25.38th

Published2010年6月22日

Last Modified2026年4月29日

Vulnerability Description

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

Affected Platforms (CPE)

📦

Apache

Axis2

<= 1.5.1

📦

Apache

Axis2

= 1.3

📦

Apache

Axis2

= 1.4

📦

Apache

Axis2

= 1.4.1

📦

Apache

Axis2

= 1.5

References & Advisories

🔗 http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html

🔗 http://geronimo.apache.org/21x-security-report.html

🔗 http://geronimo.apache.org/22x-security-report.html

🔗 http://markmail.org/message/e4yiij7lfexastvl

🔗 http://secunia.com/advisories/40252

🔗 http://secunia.com/advisories/40279

🔗 http://secunia.com/advisories/41016

🔗 http://secunia.com/advisories/41025

相關漏洞威脅

CVE-2010-021910.0

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a de...

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-193609.8

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax...

CVE-2019-02277.5

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Secur...