Vulnerabilites related to apache - synapse
cve-2010-1632
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:28
Severity ?
EPSS score ?
Summary
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T01:28:41.797Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://markmail.org/message/e4yiij7lfexastvl", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", }, { name: "PM14844", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844", }, { name: "ADV-2010-1528", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/1528", }, { name: "PM14765", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765", }, { name: "ADV-2010-1531", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/1531", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21433581", }, { name: "PM14847", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984", }, { name: "41025", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41025", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://geronimo.apache.org/22x-security-report.html", }, { name: "1036901", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036901", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/AXIS2-4450", }, { name: "41016", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41016", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf", }, { name: "40279", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/40279", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/GERONIMO-5383", }, { name: "40252", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/40252", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://geronimo.apache.org/21x-security-report.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-06-13T00:00:00", descriptions: [ { lang: "en", value: "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-29T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://markmail.org/message/e4yiij7lfexastvl", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", }, { name: "PM14844", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844", }, { name: "ADV-2010-1528", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/1528", }, { name: "PM14765", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765", }, { name: "ADV-2010-1531", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/1531", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21433581", }, { name: "PM14847", tags: [ "vendor-advisory", "x_refsource_AIXAPAR", ], url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984", }, { name: "41025", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41025", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://geronimo.apache.org/22x-security-report.html", }, { name: "1036901", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036901", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/AXIS2-4450", }, { name: "41016", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41016", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf", }, { name: "40279", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/40279", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/GERONIMO-5383", }, { name: "40252", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/40252", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://geronimo.apache.org/21x-security-report.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-1632", datePublished: "2010-06-22T20:24:00", dateReserved: "2010-04-29T00:00:00", dateUpdated: "2024-08-07T01:28:41.797Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-15708
Vulnerability from cvelistv5
Published
2017-12-11 15:00
Modified
2024-09-17 02:51
Severity ?
EPSS score ?
Summary
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102154 | vdb-entry, x_refsource_BID | |
https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9%40%3Cdev.synapse.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6%40%3Ccommits.doris.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202107-37 | vendor-advisory, x_refsource_GENTOO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Synapse |
Version: 3.0.0 Version: 2.1.0 Version: 2.0.0 Version: 1.2 Version: 1.1.2 Version: 1.1.1 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:04:50.319Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "102154", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102154", }, { name: "[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9%40%3Cdev.synapse.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5595: [FE][Fix]Update commons-collections to fix a security issue", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6%40%3Ccommits.doris.apache.org%3E", }, { name: "GLSA-202107-37", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-37", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Synapse", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "3.0.0", }, { status: "affected", version: "2.1.0", }, { status: "affected", version: "2.0.0", }, { status: "affected", version: "1.2", }, { status: "affected", version: "1.1.2", }, { status: "affected", version: "1.1.1", }, ], }, ], datePublic: "2017-12-10T00:00:00", descriptions: [ { lang: "en", value: "In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-16T07:06:16", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "102154", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102154", }, { name: "[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9%40%3Cdev.synapse.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5595: [FE][Fix]Update commons-collections to fix a security issue", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6%40%3Ccommits.doris.apache.org%3E", }, { name: "GLSA-202107-37", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-37", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2017-12-10T00:00:00", ID: "CVE-2017-15708", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Synapse", version: { version_data: [ { version_value: "3.0.0", }, { version_value: "2.1.0", }, { version_value: "2.0.0", }, { version_value: "1.2", }, { version_value: "1.1.2", }, { version_value: "1.1.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "102154", refsource: "BID", url: "http://www.securityfocus.com/bid/102154", }, { name: "[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", refsource: "MLIST", url: "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5595: [FE][Fix]Update commons-collections to fix a security issue", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6@%3Ccommits.doris.apache.org%3E", }, { name: "GLSA-202107-37", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-37", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2017-15708", datePublished: "2017-12-11T15:00:00Z", dateReserved: "2017-10-21T00:00:00", dateUpdated: "2024-09-17T02:51:55.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:14
Severity ?
Summary
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "B0905C80-A1BA-49CD-90CA-9270ECC3940C", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "B108457A-50DC-4432-9E30-98ADBEBF2389", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4A8FC820-48D5-4850-82F7-8DA4A18EFF51", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0661F4A0-A520-4443-B19D-6885920ADFE5", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "A553A6E7-64AA-41F2-9B92-4EC715C617B0", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "9BFBDE57-3895-4841-B23C-06336A7016EB", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", matchCriteriaId: "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*", matchCriteriaId: "6289CCB4-9A13-4BB5-B44E-7CA936DD8421", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", matchCriteriaId: "833256BB-E2A6-4FE9-BE4F-982578023E43", vulnerable: false, }, { criteria: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*", matchCriteriaId: "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", matchCriteriaId: "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", versionEndIncluding: "1.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", matchCriteriaId: "F0CBFD09-884C-436D-8D92-88B47A130C47", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", matchCriteriaId: "E0604FFE-16AC-4990-85F6-88C48A8E1707", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", matchCriteriaId: "EC2371DC-0E86-49F2-98F6-4CCE49A24183", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", matchCriteriaId: "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", versionEndIncluding: "1.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", matchCriteriaId: "F0CBFD09-884C-436D-8D92-88B47A130C47", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", matchCriteriaId: "E0604FFE-16AC-4990-85F6-88C48A8E1707", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", matchCriteriaId: "EC2371DC-0E86-49F2-98F6-4CCE49A24183", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*", matchCriteriaId: "67517877-5475-4CDA-A634-4CDE447D41D1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", matchCriteriaId: "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", versionEndIncluding: "1.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", matchCriteriaId: "F0CBFD09-884C-436D-8D92-88B47A130C47", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", matchCriteriaId: "E0604FFE-16AC-4990-85F6-88C48A8E1707", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", matchCriteriaId: "EC2371DC-0E86-49F2-98F6-4CCE49A24183", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:apache:orchestration_director_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "8FD46A81-A6D2-4754-A605-B404CF458BA4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", matchCriteriaId: "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", versionEndIncluding: "1.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", matchCriteriaId: "F0CBFD09-884C-436D-8D92-88B47A130C47", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", matchCriteriaId: "E0604FFE-16AC-4990-85F6-88C48A8E1707", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", matchCriteriaId: "EC2371DC-0E86-49F2-98F6-4CCE49A24183", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:apache:synapse:*:*:*:*:*:*:*:*", matchCriteriaId: "12E8E133-63B2-4B89-BCE9-2BE9DDB010EF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", matchCriteriaId: "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", versionEndIncluding: "1.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", matchCriteriaId: "F0CBFD09-884C-436D-8D92-88B47A130C47", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", matchCriteriaId: "E0604FFE-16AC-4990-85F6-88C48A8E1707", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "4D99CAA7-6580-4B1E-BDD7-0933F037B29D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", matchCriteriaId: "EC2371DC-0E86-49F2-98F6-4CCE49A24183", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tuscany:*:*:*:*:*:*:*:*", matchCriteriaId: "69C1D6C8-B442-4DD2-8988-4DC7A7FDC7AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.", }, { lang: "es", value: "Apache Axis2 en versiones anteriores a la 1.5.2, tal como se usa en IBM WebSphere Application Server (WAS) 7.0 a 7.0.0.12, IBM Feature Pack para Web Services 6.1.0.9 a 6.1.0.32, IBM Feature Pack para Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo y otros productos, no rechaza de manera apropiada DTDs en mensajes SOAP, lo que permite a atacantes remotos leer ficheros de su elección, enviar peticiones HTTP a servidores de la intranet o provocar una denegación de servicio (consumo de memoria y de CPU) mediante un DTD manipulado, como se ha demostrado por una declaración de entidad en una petición a Synapse SimpleStockQuoteService.", }, ], id: "CVE-2010-1632", lastModified: "2024-11-21T01:14:50.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-06-22T20:30:01.493", references: [ { source: "secalert@redhat.com", url: "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", }, { source: "secalert@redhat.com", url: "http://geronimo.apache.org/21x-security-report.html", }, { source: "secalert@redhat.com", url: "http://geronimo.apache.org/22x-security-report.html", }, { source: "secalert@redhat.com", url: "http://markmail.org/message/e4yiij7lfexastvl", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40252", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40279", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/41016", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/41025", }, { source: "secalert@redhat.com", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21433581", }, { source: "secalert@redhat.com", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765", }, { source: "secalert@redhat.com", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844", }, { source: "secalert@redhat.com", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1036901", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/1528", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/1531", }, { source: "secalert@redhat.com", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984", }, { source: "secalert@redhat.com", url: "https://issues.apache.org/jira/browse/AXIS2-4450", }, { source: "secalert@redhat.com", url: "https://issues.apache.org/jira/browse/GERONIMO-5383", }, { source: "secalert@redhat.com", url: "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://geronimo.apache.org/21x-security-report.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://geronimo.apache.org/22x-security-report.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://markmail.org/message/e4yiij7lfexastvl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40252", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/41016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/41025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21433581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036901", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/1528", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/1531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://issues.apache.org/jira/browse/AXIS2-4450", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://issues.apache.org/jira/browse/GERONIMO-5383", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-11 15:29
Modified
2024-11-21 03:15
Severity ?
Summary
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | synapse | 1.0 | |
apache | synapse | 1.1 | |
apache | synapse | 1.1.1 | |
apache | synapse | 1.1.2 | |
apache | synapse | 1.2 | |
apache | synapse | 2.0.0 | |
apache | synapse | 2.1.0 | |
apache | synapse | 3.0.0 | |
oracle | financial_services_market_risk_measurement_and_management | 8.0.6 | |
oracle | financial_services_market_risk_measurement_and_management | 8.0.8 | |
oracle | peoplesoft_enterprise_peopletools | 8.56 | |
oracle | peoplesoft_enterprise_peopletools | 8.57 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:synapse:1.0:*:*:*:*:*:*:*", matchCriteriaId: "B2CDE3B8-4925-4432-A392-91FE14E26A5F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:synapse:1.1:*:*:*:*:*:*:*", matchCriteriaId: "FDEA6B13-3CAE-4062-9204-039176C4C5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:synapse:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7647E5A8-F6A3-465E-8269-DACD7D69D9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:synapse:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "458A586F-9BC5-4B12-8700-9162B1A90516", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:synapse:1.2:*:*:*:*:*:*:*", matchCriteriaId: "CEF877C1-C68B-416D-9F8C-488AC8473625", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:synapse:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A110F340-084D-463A-8EF0-48B743EA8741", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:synapse:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D7ACC01A-13FE-4E89-8C0A-572EE3E3863C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:synapse:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "32D8CFF0-B33B-4544-BB41-C2A4B373E186", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.", }, { lang: "es", value: "En Apache Synapse, no se requiere por defecto autenticación para Java Remote Method Invocation (RMI). Por lo tanto, Apache Synapse 3.0.1 o todas las versiones anteriores (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2 y 1.1.1) permite ataques de ejecución remota de código que pueden realizarse inyectando objetos serializados especialmente manipulados. La presencia de Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) o versiones previas en la distribución Synapse lo hace explotable. Para mitigar este problema, es necesario limitar el acceso RMI solo a usuarios de confianza. La actualización a la versión 3.0.1 eliminará el riesgo de tener dicha versión de Commons Collection. En Synapse 3.0.1, Commons Collection se ha actualizado a la versión 3.2.2.", }, ], id: "CVE-2017-15708", lastModified: "2024-11-21T03:15:02.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-11T15:29:00.237", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102154", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9%40%3Cdev.synapse.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6%40%3Ccommits.doris.apache.org%3E", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-37", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102154", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9%40%3Cdev.synapse.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0fb289cd38c915b9a13a3376134f96222dd9100f1ef66b41631865c6%40%3Ccommits.doris.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }