{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-29T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://markmail.org/message/e4yiij7lfexastvl"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"}, {"name": "PM14844", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"}, {"name": "ADV-2010-1528", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1528"}, {"name": "PM14765", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"}, {"name": "ADV-2010-1531", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1531"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"}, {"name": "PM14847", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"}, {"name": "41025", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41025"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://geronimo.apache.org/22x-security-report.html"}, {"name": "1036901", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036901"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/AXIS2-4450"}, {"name": "41016", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41016"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"}, {"name": "40279", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40279"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/GERONIMO-5383"}, {"name": "40252", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40252"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://geronimo.apache.org/21x-security-report.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:28:41.797Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://markmail.org/message/e4yiij7lfexastvl"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"}, {"name": "PM14844", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"}, {"name": "ADV-2010-1528", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1528"}, {"name": "PM14765", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"}, {"name": "ADV-2010-1531", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1531"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"}, {"name": "PM14847", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"}, {"name": "41025", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41025"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://geronimo.apache.org/22x-security-report.html"}, {"name": "1036901", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036901"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/jira/browse/AXIS2-4450"}, {"name": "41016", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41016"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"}, {"name": "40279", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40279"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/jira/browse/GERONIMO-5383"}, {"name": "40252", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40252"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://geronimo.apache.org/21x-security-report.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1632", "datePublished": "2010-06-22T20:24:00", "dateReserved": "2010-04-29T00:00:00", "dateUpdated": "2024-08-07T01:28:41.797Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A553A6E7-64AA-41F2-9B92-4EC715C617B0", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6289CCB4-9A13-4BB5-B44E-7CA936DD8421", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "833256BB-E2A6-4FE9-BE4F-982578023E43", "vulnerable": false}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*", "matchCriteriaId": "67517877-5475-4CDA-A634-4CDE447D41D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apache:orchestration_director_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FD46A81-A6D2-4754-A605-B404CF458BA4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apache:synapse:*:*:*:*:*:*:*:*", "matchCriteriaId": "12E8E133-63B2-4B89-BCE9-2BE9DDB010EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tuscany:*:*:*:*:*:*:*:*", "matchCriteriaId": "69C1D6C8-B442-4DD2-8988-4DC7A7FDC7AA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."}, {"lang": "es", "value": "Apache Axis2 en versiones anteriores a la 1.5.2, tal como se usa en IBM WebSphere Application Server (WAS) 7.0 a 7.0.0.12, IBM Feature Pack para Web Services 6.1.0.9 a 6.1.0.32, IBM Feature Pack para Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo y otros productos, no rechaza de manera apropiada DTDs en mensajes SOAP, lo que permite a atacantes remotos leer ficheros de su elecci\u00f3n, enviar peticiones HTTP a servidores de la intranet o provocar una denegaci\u00f3n de servicio (consumo de memoria y de CPU) mediante un DTD manipulado, como se ha demostrado por una declaraci\u00f3n de entidad en una petici\u00f3n a Synapse SimpleStockQuoteService."}], "id": "CVE-2010-1632", "lastModified": "2017-07-30T01:29:00.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-06-22T20:30:01.493", "references": [{"source": "secalert@redhat.com", "url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"}, {"source": "secalert@redhat.com", "url": "http://geronimo.apache.org/21x-security-report.html"}, {"source": "secalert@redhat.com", "url": "http://geronimo.apache.org/22x-security-report.html"}, {"source": "secalert@redhat.com", "url": "http://markmail.org/message/e4yiij7lfexastvl"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40252"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40279"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/41016"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/41025"}, {"source": "secalert@redhat.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"}, {"source": "secalert@redhat.com", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"}, {"source": "secalert@redhat.com", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"}, {"source": "secalert@redhat.com", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1036901"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1528"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1531"}, {"source": "secalert@redhat.com", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"}, {"source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/AXIS2-4450"}, {"source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/GERONIMO-5383"}, {"source": "secalert@redhat.com", "url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Axis2: Does not properly reject DTDs in SOAP messages", "id": "607118", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=607118"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."], "name": "CVE-2010-1632", "public_date": "2009-07-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-1632\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1632"], "threat_severity": "Moderate"}