85 matches found
Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2012-5351)
Summary IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the ASoC vulnerability. Vulnerability Details CVEID: CVE-2012-5351 DESCRIPTION: Apache Axis2 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using a SAML...
XML External Entity Injection (XXE)
Apache axis2-idea-plugin is vulnerable to XML external entity injection XXE attacks. Attackers can inject entities through the Service XML Edit Page because the DocumentBuilderFactory allows it...
Apache Axis2 后台默认口令
No description provided by source...
Apache Axis2 1.4.1 'xsd' Parameter Directory Traversal Vulnerability - Active Check
Apache Axis2 is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Apache Axis2 Web Services Detection (HTTP)
HTTP based detection of Apache Axis2 Web Services. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH SPDX-FileCopyrightText: Reworked detection methods / pattern / code since 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
Apache Axis2 Default Credentials (HTTP) - Active Check
The remote Apache Axis2 web interface is using known default credentials. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH SPDX-FileCopyrightText: Reworked detection code since 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...
Apache Axis2 <= 1.6.2 Multiple Vulnerabilities
Apache Axis2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE = "cpe:/a:apache:axis2"; if...
Apache Axis2 FD
Directory traversal vulnerability Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
CVE-2012-6107
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-6107
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-6107
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-6107
Axis2/C (Apache Axis2 in C) has a hostname verification flaw: it does not verify that the server hostname matches the CN or subjectAltName in the X.509 certificate, enabling MITM with any valid certificate. The PT-2014-2368 entry notes affected software as Apache Axis2 (C language Web services en...
CA ARCserve D2D r15 Web Service Servlet Code Execution
No description provided by source. Computer Associates ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc product homepage: https://support.ca.com/phpdocs/0/8363/support/arcserved2dsupport.html vulnerability: The Tomcat Server, which listens for...
Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
No description provided by source. PR10-03 Authenticated Cross-Site Scripting Vulnerability XSS within Apache Axis2 administration console Source: http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-03 Advisory publicly released: Friday, 21 May 2010 Vulnerability found: Saturday, ...
Apache Axis2 Brute Force Utility
This module attempts to login to an Apache Axis2 instance using username and password combinations indicated by the USERFILE, PASSFILE, and USERPASSFILE options. It has been verified to work on at least versions 1.4.1 and 1.6.2. This module requires Metasploit: https://metasploit.com/download...
Apache Axis2/C SSL证书验证安全绕过漏洞
BUGTRAQ ID: 57267 CVECAN ID: CVE-2012-6107 Axis2是一个用C语言实现的Web服务引擎。 Apache Axis2/C在实现上存在安全绕过漏洞,成功利用后可允许攻击者执行中间人攻击或模拟受信任的服务器。 0 Apache Group Axis2/C 厂商补丁: Apache Group ------------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://httpd.apache.org/...
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
Apache Axis2 reports: Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation AXIS2-4739 and XSS AXIS2-5683 vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by...
CVE-2012-5785
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...