CVE-2010-1632

{"id": "CVE-2010-1632", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-06-22T20:30:01.493", "references": [{"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", "source": "secalert@redhat.com"}, {"url": "http://geronimo.apache.org/21x-security-report.html", "source": "secalert@redhat.com"}, {"url": "http://geronimo.apache.org/22x-security-report.html", "source": "secalert@redhat.com"}, {"url": "http://markmail.org/message/e4yiij7lfexastvl", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/40252", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/40279", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41016", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41025", "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581", "source": "secalert@redhat.com"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765", "source": "secalert@redhat.com"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844", "source": "secalert@redhat.com"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1036901", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1528", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1531", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984", "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/jira/browse/AXIS2-4450", "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/jira/browse/GERONIMO-5383", "source": "secalert@redhat.com"}, {"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf", "source": "secalert@redhat.com"}, {"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://geronimo.apache.org/21x-security-report.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://geronimo.apache.org/22x-security-report.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://markmail.org/message/e4yiij7lfexastvl", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/40252", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/40279", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/41016", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/41025", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21433581", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1036901", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/1528", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/1531", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.apache.org/jira/browse/AXIS2-4450", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.apache.org/jira/browse/GERONIMO-5383", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."}, {"lang": "es", "value": "Apache Axis2 en versiones anteriores a la 1.5.2, tal como se usa en IBM WebSphere Application Server (WAS) 7.0 a 7.0.0.12, IBM Feature Pack para Web Services 6.1.0.9 a 6.1.0.32, IBM Feature Pack para Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo y otros productos, no rechaza de manera apropiada DTDs en mensajes SOAP, lo que permite a atacantes remotos leer ficheros de su elecci\u00f3n, enviar peticiones HTTP a servidores de la intranet o provocar una denegaci\u00f3n de servicio (consumo de memoria y de CPU) mediante un DTD manipulado, como se ha demostrado por una declaraci\u00f3n de entidad en una petici\u00f3n a Synapse SimpleStockQuoteService."}], "lastModified": "2024-11-21T01:14:50.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A553A6E7-64AA-41F2-9B92-4EC715C617B0"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6289CCB4-9A13-4BB5-B44E-7CA936DD8421"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "833256BB-E2A6-4FE9-BE4F-982578023E43"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1"}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D"}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1"}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D"}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67517877-5475-4CDA-A634-4CDE447D41D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1"}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D"}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:orchestration_director_engine:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8FD46A81-A6D2-4754-A605-B404CF458BA4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1"}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D"}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:synapse:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12E8E133-63B2-4B89-BCE9-2BE9DDB010EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEE048D6-C2D3-43F7-BA3C-E07FCFC00EAC", "versionEndIncluding": "1.5.1"}, {"criteria": "cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0CBFD09-884C-436D-8D92-88B47A130C47"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0604FFE-16AC-4990-85F6-88C48A8E1707"}, {"criteria": "cpe:2.3:a:apache:axis2:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D99CAA7-6580-4B1E-BDD7-0933F037B29D"}, {"criteria": "cpe:2.3:a:apache:axis2:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC2371DC-0E86-49F2-98F6-4CCE49A24183"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tuscany:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "69C1D6C8-B442-4DD2-8988-4DC7A7FDC7AA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}