Vulnerability Name: CVE-2010-1632 (CCN-59588) Assigned: 2010-06-18 Published: 2010-06-18 Updated: 2017-07-30 Summary: Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService. CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P 4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-20 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2010-1632 Apache Geronimo http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://markmail.org/message/e4yiij7lfexastvl Apache Axis2/Java XML Document Type Declaration Processing Vulnerability 40252 IBM WebSphere Application Server JAX-WS Web Services Vulnerability 40279 Apache Geronimo Multiple Vulnerabilities 41016 Apache Geronimo Multiple Vulnerabilities 41025 IBM Content Integrator Web Services Axis2 Vulnerability IBM Products for Lotus Quickr Axis2 Vulnerability Potential security exposure with IBM WebSphere Application Server Community Edition with JAX-WS or JAX-RS Potential security exposure with IBM WebSphere Application Server with JAX-WS or JAX-RS (PM14844, PM14847, PM14765) http://www-01.ibm.com/support/docview.wss?uid=swg21433581 PM14765 PM14844 PM14847 Important - Apache CXF security advisory CVE-2010-2076 Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS Apache Axis2 Document Type Declaration Processing Security Vulnerability 1036901 ADV-2010-1528 ADV-2010-1531 axis2java-xmldtd-dos(59588) https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984 Message builders for SOAP and XML should not attempt to load DTDs https://issues.apache.org/jira/browse/AXIS2-4450 https://issues.apache.org/jira/browse/GERONIMO-5383 HTTP binding (REST) enables DTD based XML attacks https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf Multiple Vulnerabilities identified in IBM StoredIQ IBM Cognos Analytics has addressed multiple vulnerabilities Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:* AND cpe:/a:apache:axis2:1.3:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4.1:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.5:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:*:*:*:*:*:*:*:* (Version <= 1.5.1) Configuration 2 :cpe:/a:apache:axis2:1.3:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4.1:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.5:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:*:*:*:*:*:*:*:* (Version <= 1.5.1) AND cpe:/a:apache:geronimo:*:*:*:*:*:*:*:* Configuration 3 :cpe:/a:apache:axis2:1.3:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4.1:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.5:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:*:*:*:*:*:*:*:* (Version <= 1.5.1) AND cpe:/a:apache:orchestration_director_engine:*:*:*:*:*:*:*:* Configuration 4 :cpe:/a:apache:axis2:1.3:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4.1:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.5:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:*:*:*:*:*:*:*:* (Version <= 1.5.1) AND cpe:/a:apache:synapse:*:*:*:*:*:*:*:* Configuration 5 :cpe:/a:apache:axis2:1.3:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.4.1:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:1.5:*:*:*:*:*:*:* OR cpe:/a:apache:axis2:*:*:*:*:*:*:*:* (Version <= 1.5.1) AND cpe:/a:apache:tuscany:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:* AND cpe:/a:apache:geronimo:2.1.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storediq:7.6.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.1.7:-:*:*:*:*:*:* OR cpe:/a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* BACK
ibm websphere application server 7.0
ibm websphere application server 7.0.0.1
ibm websphere application server 7.0.0.2
ibm websphere application server 7.0.0.3
ibm websphere application server 7.0.0.4
ibm websphere application server 7.0.0.5
ibm websphere application server 7.0.0.6
ibm websphere application server 7.0.0.7
ibm websphere application server 7.0.0.8
ibm websphere application server 7.0.0.9
ibm websphere application server 7.0.0.10
ibm websphere application server 7.0.0.11
ibm websphere application server 7.0.0.12
apache axis2 1.3
apache axis2 1.4
apache axis2 1.4.1
apache axis2 1.5
apache axis2 *
apache axis2 1.3
apache axis2 1.4
apache axis2 1.4.1
apache axis2 1.5
apache axis2 *
apache geronimo *
apache axis2 1.3
apache axis2 1.4
apache axis2 1.4.1
apache axis2 1.5
apache axis2 *
apache orchestration director engine *
apache axis2 1.3
apache axis2 1.4
apache axis2 1.4.1
apache axis2 1.5
apache axis2 *
apache synapse *
apache axis2 1.3
apache axis2 1.4
apache axis2 1.4.1
apache axis2 1.5
apache axis2 *
apache tuscany *
ibm websphere application server 7.0
apache geronimo 2.1.3
ibm storediq 7.6.0
ibm cognos analytics 11.2.0
ibm cognos analytics 11.1.7
ibm cognos analytics 11.2.1
Denotes that component is vulnerable