Summary
Apache Axis2 is prone to a security vulnerability that may result in information-disclosure or denial-of-service conditions.
An attacker can exploit this vulnerability to obtain potentially sensitive information by including local and external files on computers running the vulnerable application, or to cause denial-of-service conditions. Other attacks are also possible.
The issue affects versions prior to 1.5.2 and 1.6.
Solution
The vendor has released fixes. Please see the references for more information.
References
- http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
- http://ws.apache.org/axis2/
- http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24027019
- http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24027020
- http://www-01.ibm.com/support/docview.wss?uid=swg27019456
- http://www.ibm.com
- http://www.ibm.com/support/docview.wss?uid=swg24027502
- http://www.ibm.com/support/docview.wss?uid=swg24027503
- https://issues.apache.org/jira/browse/AXIS2-4450
- https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
- https://www.securityfocus.com/bid/40976
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2010-1632
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P