Lucene search
K

85 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/10/23 7:41 p.m.21 views

Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2012-5351)

Summary IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the ASoC vulnerability. Vulnerability Details CVEID: CVE-2012-5351 DESCRIPTION: Apache Axis2 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using a SAML...

6.4CVSS0.8AI score0.05089EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2017/10/05 8:26 a.m.7 views

XML External Entity Injection (XXE)

Apache axis2-idea-plugin is vulnerable to XML external entity injection XXE attacks. Attackers can inject entities through the Service XML Edit Page because the DocumentBuilderFactory allows it...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/15 12:0 a.m.17 views

Apache Axis2 后台默认口令

No description provided by source...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2015/03/20 12:0 a.m.176 views

Apache Axis2 1.4.1 'xsd' Parameter Directory Traversal Vulnerability - Active Check

Apache Axis2 is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

5.3AI score
Exploits0References2
OpenVAS
OpenVAS
added 2015/03/20 12:0 a.m.31 views

Apache Axis2 Web Services Detection (HTTP)

HTTP based detection of Apache Axis2 Web Services. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH SPDX-FileCopyrightText: Reworked detection methods / pattern / code since 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.1AI score
Exploits0References2
OpenVAS
OpenVAS
added 2015/03/18 12:0 a.m.2218 views

Apache Axis2 Default Credentials (HTTP) - Active Check

The remote Apache Axis2 web interface is using known default credentials. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH SPDX-FileCopyrightText: Reworked detection code since 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

10CVSS8.6AI score0.89871EPSS
Exploits17References2
OpenVAS
OpenVAS
added 2015/03/17 12:0 a.m.334 views

Apache Axis2 <= 1.6.2 Multiple Vulnerabilities

Apache Axis2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE = "cpe:/a:apache:axis2"; if...

6.4CVSS8.6AI score0.05999EPSS
Exploits2References3
Dsquare
Dsquare
added 2014/11/12 12:0 a.m.45 views

Apache Axis2 FD

Directory traversal vulnerability Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

0.6AI score
Exploits0
NVD
NVD
added 2014/09/29 10:55 p.m.16 views

CVE-2012-6107

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

4.3CVSS6.5AI score0.02153EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2014/09/29 10:55 p.m.23 views

CVE-2012-6107

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

4.3CVSS6AI score0.02153EPSS
Exploits1References2
Prion
Prion
added 2014/09/29 10:55 p.m.15 views

Code injection

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

4.3CVSS7AI score0.02153EPSS
Exploits1References9
Cvelist
Cvelist
added 2014/09/29 10:0 p.m.27 views

CVE-2012-6107

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

6.5AI score0.02153EPSS
Exploits1References9
CVE
CVE
added 2014/09/29 10:0 p.m.39 views

CVE-2012-6107

Axis2/C (Apache Axis2 in C) has a hostname verification flaw: it does not verify that the server hostname matches the CN or subjectAltName in the X.509 certificate, enabling MITM with any valid certificate. The PT-2014-2368 entry notes affected software as Apache Axis2 (C language Web services en...

4.3CVSS6.7AI score0.02153EPSS
Exploits1References9Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.150 views

CA ARCserve D2D r15 Web Service Servlet Code Execution

No description provided by source. Computer Associates ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc product homepage: https://support.ca.com/phpdocs/0/8363/support/arcserved2dsupport.html vulnerability: The Tomcat Server, which listens for...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console

No description provided by source. PR10-03 Authenticated Cross-Site Scripting Vulnerability XSS within Apache Axis2 administration console Source: http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-03 Advisory publicly released: Friday, 21 May 2010 Vulnerability found: Saturday, ...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2014/05/28 7:31 p.m.75 views

Apache Axis2 Brute Force Utility

This module attempts to login to an Apache Axis2 instance using username and password combinations indicated by the USERFILE, PASSFILE, and USERPASSFILE options. It has been verified to work on at least versions 1.4.1 and 1.6.2. This module requires Metasploit: https://metasploit.com/download...

10CVSS7.5AI score0.89871EPSS
Exploits17
seebug.org
seebug.org
added 2013/01/14 12:0 a.m.18 views

Apache Axis2/C SSL证书验证安全绕过漏洞

BUGTRAQ ID: 57267 CVECAN ID: CVE-2012-6107 Axis2是一个用C语言实现的Web服务引擎。 Apache Axis2/C在实现上存在安全绕过漏洞,成功利用后可允许攻击者执行中间人攻击或模拟受信任的服务器。 0 Apache Group Axis2/C 厂商补丁: Apache Group ------------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://httpd.apache.org/...

4.3CVSS6.5AI score0.02153EPSS
Exploits1
FreeBSD
FreeBSD
added 2012/12/06 12:0 a.m.47 views

Axis2 -- Security vulnerabilities on dependency Apache HttpClient

Apache Axis2 reports: Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation AXIS2-4739 and XSS AXIS2-5683 vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by...

5.8CVSS6.5AI score0.09149EPSS
Exploits1References4
NVD
NVD
added 2012/11/04 10:55 p.m.10 views

CVE-2012-5785

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS9.2AI score0.02206EPSS
Exploits1References4
Prion
Prion
added 2012/11/04 10:55 p.m.16 views

Code injection

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.9AI score0.02206EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder