Apache Axis2 Document Type Declaration Processing Security Vulnerability Network Vulnerability

Summary

Apache Axis2 is prone to a security vulnerability that may result in information-disclosure or denial-of-service conditions. An attacker can exploit this vulnerability to obtain potentially sensitive information by including local and external files on computers running the vulnerable application or by causing denial-of- service conditions other attacks are also possible. The issue affects versions prior to 1.5.2 and 1.6.

Solution

The vendor has released fixes. Please see the references for more information.

References

http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
http://ws.apache.org/axis2/
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24027019
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24027020
http://www-01.ibm.com/support/docview.wss?uid=swg27019456
http://www.ibm.com
http://www.ibm.com/support/docview.wss?uid=swg24027502
http://www.ibm.com/support/docview.wss?uid=swg24027503
https://issues.apache.org/jira/browse/AXIS2-4450
https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
https://www.securityfocus.com/bid/40976

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-1632

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ASP Inline Corporate Calendar SQL injection
ApPHP MicroBlog Remote Code Execution Vulnerability
ATutor < 1.5.1-pl1 Multiple Flaws
4psa Voipnow Local File Inclusion Vulnerability
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability

Take action and discover your vulnerabilities