Description

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

Remediation

References

http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html

http://geronimo.apache.org/21x-security-report.html

http://geronimo.apache.org/22x-security-report.html

http://markmail.org/message/e4yiij7lfexastvl

http://secunia.com/advisories/40252

http://secunia.com/advisories/40279

http://secunia.com/advisories/41016

http://secunia.com/advisories/41025

http://www.securitytracker.com/id/1036901

http://www.vupen.com/english/advisories/2010/1528

http://www.vupen.com/english/advisories/2010/1531

http://www-01.ibm.com/support/docview.wss?uid=swg21433581

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984

https://issues.apache.org/jira/browse/AXIS2-4450

https://issues.apache.org/jira/browse/GERONIMO-5383

https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf

Related Vulnerabilities

CVE-2013-1965 Vulnerability in maven package org.apache.struts:struts2-showcase

CVE-2022-43426 Vulnerability in maven package io.jenkins.plugins:s3explorer

CVE-2022-43405 Vulnerability in maven package io.jenkins.plugins:pipeline-groovy-lib

CVE-2019-1003097 Vulnerability in maven package com.ds.tools.hudson:crowd

CVE-2022-3143 Vulnerability in maven package org.wildfly.security:wildfly-elytron-x500

Severity

Critical

Classification

CWE-20

Tags

Vendor Advisory