Description

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

Remediation

References

http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html

http://geronimo.apache.org/21x-security-report.html

http://geronimo.apache.org/22x-security-report.html

http://markmail.org/message/e4yiij7lfexastvl

http://secunia.com/advisories/40252

http://secunia.com/advisories/40279

http://secunia.com/advisories/41016

http://secunia.com/advisories/41025

http://www.securitytracker.com/id/1036901

http://www.vupen.com/english/advisories/2010/1528

http://www.vupen.com/english/advisories/2010/1531

http://www-01.ibm.com/support/docview.wss?uid=swg21433581

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844

http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984

https://issues.apache.org/jira/browse/AXIS2-4450

https://issues.apache.org/jira/browse/GERONIMO-5383

https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf

Related Vulnerabilities

CVE-2023-24449 Vulnerability in maven package org.jvnet.hudson.plugins:pwauth

CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2023-50578 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2022-3143 Vulnerability in maven package org.wildfly.security:wildfly-elytron-realm-ldap

CVE-2015-0227 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom

Severity

Critical

Classification

CWE-20

Tags

Vendor Advisory