3 matches found
Design/Logic Flaw
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send...
DSquare Exploit Pack: D2SEC_AXIS
Name| d2secaxis ---|--- CVE| CVE-2010-1632 Exploit Pack| D2ExploitPack Description| Apache Axis2 Remote File Access Notes|...
CVE-2010-1632
CVE-2010-1632 affects Apache Axis2 (Java) and is triggered by improper rejection of DTDs in SOAP messages. The issue allows a remote attacker to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via a crafted DTD, demonstrated by an entity declaration in a...