Apache Axis2 Document Type Declaration Processing Security Vulnerability Network Vulnerability

Summary

Apache Axis2 is prone to a security vulnerability that may result in information-disclosure or denial-of-service conditions. An attacker can exploit this vulnerability to obtain potentially sensitive information by including local and external files on computers running the vulnerable application or by causing denial-of- service conditions other attacks are also possible. The issue affects versions prior to 1.5.2 and 1.6.

Solution

The vendor has released fixes. Please see the references for more information.

References

http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
http://ws.apache.org/axis2/
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24027019
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24027020
http://www-01.ibm.com/support/docview.wss?uid=swg27019456
http://www.ibm.com
http://www.ibm.com/support/docview.wss?uid=swg24027502
http://www.ibm.com/support/docview.wss?uid=swg24027503
https://issues.apache.org/jira/browse/AXIS2-4450
https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
https://www.securityfocus.com/bid/40976

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-1632
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Arkeia Appliance Multiple Vulnerabilities
artmedic_links5 File Inclusion Vulnerability
Apache Tomcat Windows Installer Privilege Escalation Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability

Take action and discover your vulnerabilities