VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-1632
axis2: Apache Axis2 before 1.5.2, as used in IBM WebSphere...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1632

Original

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD,...

About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-06-22
Source Information Category: Advisory, Alert
Last Updated: 2010-06-23




Affected Product Tags
cpe:/a:apache:axis2:1.3
cpe:/a:apache:axis2:1.4
cpe:/a:apache:axis2:1.4.1
cpe:/a:apache:axis2:1.5
cpe:/a:apache:axis2:1.5.1 and previous versions
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
Medium
X Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
None
X Partial
Complete

Alternatives




References
CONFIRM https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
CONFIRM https://issues.apache.org/jira/browse/AXIS2-4450
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21433581
MISC http://markmail.org/message/e4yiij7lfexastvl
SECUNIA 40279
SECUNIA 40252
VUPEN ADV-2010-1531
VUPEN ADV-2010-1528




Vulnerability Type: Input Validation (CWE-20)





Copyright © 2010 JPCERT/CC All Rights Reserved.