{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-06-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-29T09:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_MISC"],"url":"http://markmail.org/message/e4yiij7lfexastvl"},{"tags":["x_refsource_CONFIRM"],"url":"http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"},{"name":"PM14844","tags":["vendor-advisory","x_refsource_AIXAPAR"],"url":"http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"},{"name":"ADV-2010-1528","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/1528"},{"name":"PM14765","tags":["vendor-advisory","x_refsource_AIXAPAR"],"url":"http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"},{"name":"ADV-2010-1531","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/1531"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21433581"},{"name":"PM14847","tags":["vendor-advisory","x_refsource_AIXAPAR"],"url":"http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"},{"tags":["x_refsource_CONFIRM"],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"},{"name":"41025","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/41025"},{"tags":["x_refsource_CONFIRM"],"url":"http://geronimo.apache.org/22x-security-report.html"},{"name":"1036901","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1036901"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.apache.org/jira/browse/AXIS2-4450"},{"name":"41016","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/41016"},{"tags":["x_refsource_CONFIRM"],"url":"https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"},{"name":"40279","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/40279"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.apache.org/jira/browse/GERONIMO-5383"},{"name":"40252","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/40252"},{"tags":["x_refsource_CONFIRM"],"url":"http://geronimo.apache.org/21x-security-report.html"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T01:28:41.797Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://markmail.org/message/e4yiij7lfexastvl"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html"},{"name":"PM14844","tags":["vendor-advisory","x_refsource_AIXAPAR","x_transferred"],"url":"http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844"},{"name":"ADV-2010-1528","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/1528"},{"name":"PM14765","tags":["vendor-advisory","x_refsource_AIXAPAR","x_transferred"],"url":"http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765"},{"name":"ADV-2010-1531","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/1531"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21433581"},{"name":"PM14847","tags":["vendor-advisory","x_refsource_AIXAPAR","x_transferred"],"url":"http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984"},{"name":"41025","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/41025"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://geronimo.apache.org/22x-security-report.html"},{"name":"1036901","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1036901"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.apache.org/jira/browse/AXIS2-4450"},{"name":"41016","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/41016"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf"},{"name":"40279","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/40279"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.apache.org/jira/browse/GERONIMO-5383"},{"name":"40252","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/40252"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://geronimo.apache.org/21x-security-report.html"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2010-1632","datePublished":"2010-06-22T20:24:00.000Z","dateReserved":"2010-04-29T00:00:00.000Z","dateUpdated":"2024-08-07T01:28:41.797Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}