All the vulnerabilites related to apache - axis2
cve-2012-4418
Vulnerability from cvelistv5
Published
2012-10-09 23:00
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/09/13/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2012/09/12/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=856755 | x_refsource_CONFIRM | |
| http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/55508 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120912 Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/1"
},
{
"name": "[oss-security] 20120912 CVE Request: Apache Axis2 XML Signature Wrapping Attack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/12/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
},
{
"name": "55508",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2 allows remote attackers to forge messages and bypass authentication via an \"XML Signature wrapping attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20120912 Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/1"
},
{
"name": "[oss-security] 20120912 CVE Request: Apache Axis2 XML Signature Wrapping Attack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/12/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
},
{
"name": "55508",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55508"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4418",
"datePublished": "2012-10-09T23:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:35:09.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1632
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:28
Severity ?
EPSS score ?
Summary
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://markmail.org/message/e4yiij7lfexastvl"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"name": "PM14844",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"
},
{
"name": "ADV-2010-1528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1528"
},
{
"name": "PM14765",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"
},
{
"name": "ADV-2010-1531",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1531"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"
},
{
"name": "PM14847",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"
},
{
"name": "41025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41025"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"name": "1036901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/AXIS2-4450"
},
{
"name": "41016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"
},
{
"name": "40279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40279"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"name": "40252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40252"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://geronimo.apache.org/21x-security-report.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://markmail.org/message/e4yiij7lfexastvl"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"name": "PM14844",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"
},
{
"name": "ADV-2010-1528",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1528"
},
{
"name": "PM14765",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"
},
{
"name": "ADV-2010-1531",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1531"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"
},
{
"name": "PM14847",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"
},
{
"name": "41025",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41025"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"name": "1036901",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/AXIS2-4450"
},
{
"name": "41016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"
},
{
"name": "40279",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40279"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"name": "40252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40252"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://geronimo.apache.org/21x-security-report.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1632",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-04-29T00:00:00",
"dateUpdated": "2024-08-07T01:28:41.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5351
Vulnerability from cvelistv5
Published
2012-10-09 23:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79487 | vdb-entry, x_refsource_XF | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apache-axis2-saml-sec-bypass(79487)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack,\" a different vulnerability than CVE-2012-4418."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:19:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "apache-axis2-saml-sec-bypass(79487)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack,\" a different vulnerability than CVE-2012-4418."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apache-axis2-saml-sec-bypass(79487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79487"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf",
"refsource": "MISC",
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5351",
"datePublished": "2012-10-09T23:00:00",
"dateReserved": "2012-10-09T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0219
Vulnerability from cvelistv5
Published
2010-10-18 16:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:10.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/KB27373"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/9sg_ca_d2d.html"
},
{
"name": "70233",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70233"
},
{
"name": "15869",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"name": "ADV-2010-2673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2673"
},
{
"name": "20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"
},
{
"name": "businessobjects-dswsbobje-security-bypass(62523)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"
},
{
"name": "42763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42763"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"
},
{
"name": "VU#989719",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/989719"
},
{
"name": "1024929",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.sap.com/sap/support/notes/1432881"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "41799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/KB27373"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/9sg_ca_d2d.html"
},
{
"name": "70233",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70233"
},
{
"name": "15869",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"name": "ADV-2010-2673",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2673"
},
{
"name": "20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"
},
{
"name": "businessobjects-dswsbobje-security-bypass(62523)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"
},
{
"name": "42763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42763"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"
},
{
"name": "VU#989719",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/989719"
},
{
"name": "1024929",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.sap.com/sap/support/notes/1432881"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41799"
},
{
"name": "https://kb.juniper.net/KB27373",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/KB27373"
},
{
"name": "http://retrogod.altervista.org/9sg_ca_d2d.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_ca_d2d.html"
},
{
"name": "70233",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70233"
},
{
"name": "15869",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15869"
},
{
"name": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf",
"refsource": "MISC",
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"name": "ADV-2010-2673",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2673"
},
{
"name": "20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"
},
{
"name": "businessobjects-dswsbobje-security-bypass(62523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"
},
{
"name": "42763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42763"
},
{
"name": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp",
"refsource": "MISC",
"url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"
},
{
"name": "VU#989719",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/989719"
},
{
"name": "1024929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024929"
},
{
"name": "https://service.sap.com/sap/support/notes/1432881",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/1432881"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-0219",
"datePublished": "2010-10-18T16:00:00",
"dateReserved": "2010-01-06T00:00:00",
"dateUpdated": "2024-08-07T00:45:10.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5785
Vulnerability from cvelistv5
Published
2012-11-04 22:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/51219 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79830 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/56408 | vdb-entry, x_refsource_BID | |
| http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51219"
},
{
"name": "apache-axis2-ssl-spoofing(79830)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79830"
},
{
"name": "56408",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56408"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "51219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51219"
},
{
"name": "apache-axis2-ssl-spoofing(79830)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79830"
},
{
"name": "56408",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56408"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51219"
},
{
"name": "apache-axis2-ssl-spoofing(79830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79830"
},
{
"name": "56408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56408"
},
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5785",
"datePublished": "2012-11-04T22:00:00",
"dateReserved": "2012-11-04T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2103
Vulnerability from cvelistv5
Published
2010-05-27 22:00
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/58790 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/39906 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.exploit-db.com/exploits/12689 | exploit, x_refsource_EXPLOIT-DB | |
| https://kb.juniper.net/KB27373 | x_refsource_CONFIRM | |
| http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03 | x_refsource_MISC | |
| http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2010/1215 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/40327 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/511404/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/64844 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:05.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "axis2-modules-xss(58790)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58790"
},
{
"name": "39906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39906"
},
{
"name": "12689",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/KB27373"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"name": "ADV-2010-1215",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1215"
},
{
"name": "40327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40327"
},
{
"name": "20100521 PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511404/100/0/threaded"
},
{
"name": "64844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/64844"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "axis2-modules-xss(58790)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58790"
},
{
"name": "39906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39906"
},
{
"name": "12689",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/KB27373"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"name": "ADV-2010-1215",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1215"
},
{
"name": "40327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40327"
},
{
"name": "20100521 PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511404/100/0/threaded"
},
{
"name": "64844",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/64844"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "axis2-modules-xss(58790)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58790"
},
{
"name": "39906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39906"
},
{
"name": "12689",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12689"
},
{
"name": "https://kb.juniper.net/KB27373",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/KB27373"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03"
},
{
"name": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf",
"refsource": "MISC",
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"name": "ADV-2010-1215",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1215"
},
{
"name": "40327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40327"
},
{
"name": "20100521 PR10-03: Authenticated Cross-Site Scripting (XSS) within the Apache Axis2 administration console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511404/100/0/threaded"
},
{
"name": "64844",
"refsource": "OSVDB",
"url": "http://osvdb.org/64844"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2103",
"datePublished": "2010-05-27T22:00:00",
"dateReserved": "2010-05-27T00:00:00",
"dateUpdated": "2024-08-07T02:25:05.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-11-04 22:55
Modified
2024-11-21 01:45
Severity ?
Summary
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E73D78CB-2DF5-4465-B12D-AF3F6A669279",
"versionEndIncluding": "1.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38D8E446-7735-49C4-83E3-F1E6448ABD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89046700-F2B9-4468-AB71-3451401C16DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C90C54B-DB25-48FC-BAC5-46050E2A80A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "187817CD-F8E3-4D3C-AB3F-6F4DBAD966FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA975A4-72B8-4C92-BDC6-9E8039FFD0BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "20DB6740-3556-4286-99F3-4B013F58F202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC87179-CCFA-45D4-98C1-7D594EC88999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFD1F4F-8BCE-4CAB-A006-2A4624A249A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
},
{
"lang": "es",
"value": "Apache Axis2/Java v1.6.2 y anteriores, no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado v\u00e1lido arbitrario."
}
],
"id": "CVE-2012-5785",
"lastModified": "2024-11-21T01:45:13.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-04T22:55:03.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/51219"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/56408"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79830"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-27 22:30
Modified
2024-11-21 01:15
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38D8E446-7735-49C4-83E3-F1E6448ABD43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3com:intelligent_management_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4064E211-495D-415B-9B64-18402D6FE09B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:sap:business_objects:12:*:*:*:*:*:*:*",
"matchCriteriaId": "2F02BA86-896E-4FE7-B285-FBC9497F10D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38D8E446-7735-49C4-83E3-F1E6448ABD43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en axis2-admin/axis2-admin/engagingglobally en la consola de administraci\u00f3n de Apache Axis2/Java v1.4.1, v1.5.1 y posiblemente otras versiones, usada en Business Objects 12, 3com IMC y posiblemente en otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"modules\". NOTA: algunos detalles han sido obtenidos a partir de terceros."
}
],
"id": "CVE-2010-2103",
"lastModified": "2024-11-21T01:15:54.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-27T22:30:02.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/64844"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39906"
},
{
"source": "cve@mitre.org",
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/12689"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511404/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40327"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1215"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58790"
},
{
"source": "cve@mitre.org",
"url": "https://kb.juniper.net/KB27373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/64844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/12689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511404/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kb.juniper.net/KB27373"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:14
Severity ?
Summary
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A553A6E7-64AA-41F2-9B92-4EC715C617B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6289CCB4-9A13-4BB5-B44E-7CA936DD8421",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "833256BB-E2A6-4FE9-BE4F-982578023E43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67517877-5475-4CDA-A634-4CDE447D41D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:orchestration_director_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD46A81-A6D2-4754-A605-B404CF458BA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:synapse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12E8E133-63B2-4B89-BCE9-2BE9DDB010EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC",
"versionEndIncluding": "1.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tuscany:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1D6C8-B442-4DD2-8988-4DC7A7FDC7AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."
},
{
"lang": "es",
"value": "Apache Axis2 en versiones anteriores a la 1.5.2, tal como se usa en IBM WebSphere Application Server (WAS) 7.0 a 7.0.0.12, IBM Feature Pack para Web Services 6.1.0.9 a 6.1.0.32, IBM Feature Pack para Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo y otros productos, no rechaza de manera apropiada DTDs en mensajes SOAP, lo que permite a atacantes remotos leer ficheros de su elecci\u00f3n, enviar peticiones HTTP a servidores de la intranet o provocar una denegaci\u00f3n de servicio (consumo de memoria y de CPU) mediante un DTD manipulado, como se ha demostrado por una declaraci\u00f3n de entidad en una petici\u00f3n a Synapse SimpleStockQuoteService."
}
],
"id": "CVE-2010-1632",
"lastModified": "2024-11-21T01:14:50.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-22T20:30:01.493",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"source": "secalert@redhat.com",
"url": "http://geronimo.apache.org/21x-security-report.html"
},
{
"source": "secalert@redhat.com",
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"source": "secalert@redhat.com",
"url": "http://markmail.org/message/e4yiij7lfexastvl"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40252"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40279"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41016"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41025"
},
{
"source": "secalert@redhat.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"
},
{
"source": "secalert@redhat.com",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"
},
{
"source": "secalert@redhat.com",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"
},
{
"source": "secalert@redhat.com",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1036901"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1528"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1531"
},
{
"source": "secalert@redhat.com",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/AXIS2-4450"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"source": "secalert@redhat.com",
"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://geronimo.apache.org/21x-security-report.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://geronimo.apache.org/22x-security-report.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://markmail.org/message/e4yiij7lfexastvl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/AXIS2-4450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-09 23:55
Modified
2024-11-21 01:44
Severity ?
Summary
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1E190F-7C54-42D3-ADF2-9CF0ECF95F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack,\" a different vulnerability than CVE-2012-4418."
},
{
"lang": "es",
"value": "Apache Axis2 permite a atacantes remotos falsificar mensajes y eludir la autenticaci\u00f3n a trav\u00e9s de una aserci\u00f3n SAML que carece de un elemento Signature, tambi\u00e9n conocido como un \"ataque exclusi\u00f3n de firma\", una vulnerabilidad diferente de CVE-2012-4418."
}
],
"id": "CVE-2012-5351",
"lastModified": "2024-11-21T01:44:34.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-09T23:55:05.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79487"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-18 17:00
Modified
2024-11-21 01:11
Severity ?
Summary
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38D8E446-7735-49C4-83E3-F1E6448ABD43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89046700-F2B9-4468-AB71-3451401C16DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC87179-CCFA-45D4-98C1-7D594EC88999",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:businessobjects:3.2:*:enterprise_xi:*:*:*:*:*",
"matchCriteriaId": "224ED925-BF44-4C85-89B5-DC3A187AAE77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service."
},
{
"lang": "es",
"value": "Axis2 de Apache, tal y como es usado en dswsbobje.war en SAP BusinessObjects Enterprise XI versi\u00f3n 3.2, CA ARCserve D2D r15 y otros productos, tiene una contrase\u00f1a por defecto de axis2 para la cuenta de administrador, lo que facilita a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante la carga de un servicio web especialmente dise\u00f1ado."
}
],
"id": "CVE-2010-0219",
"lastModified": "2024-11-21T01:11:46.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-18T17:00:03.457",
"references": [
{
"source": "cret@cert.org",
"url": "http://retrogod.altervista.org/9sg_ca_d2d.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41799"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/42763"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.exploit-db.com/exploits/15869"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/989719"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/70233"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1024929"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2673"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"
},
{
"source": "cret@cert.org",
"url": "https://kb.juniper.net/KB27373"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "https://service.sap.com/sap/support/notes/1432881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://retrogod.altervista.org/9sg_ca_d2d.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/15869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/989719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.rapid7.com/security-center/advisories/R7-0037.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514284/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kb.juniper.net/KB27373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://service.sap.com/sap/support/notes/1432881"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-09 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1E190F-7C54-42D3-ADF2-9CF0ECF95F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Axis2 allows remote attackers to forge messages and bypass authentication via an \"XML Signature wrapping attack.\""
},
{
"lang": "es",
"value": "Apache Axis2 permite a atacantes remotos falsificar mensajes y eludir la autenticaci\u00f3n a trav\u00e9s de un \"ataque de envoltorio de firma XML\".\r\n"
}
],
"id": "CVE-2012-4418",
"lastModified": "2024-11-21T01:42:50.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-09T23:55:05.157",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/12/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55508"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}