CVE-2010-0219
CVE-2010-0219 covers Apache Axis2 default credentials that affect dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2 and CA ARCserve D2D r15 among others. The issue arises from a default admin password (axis2), enabling remote attackers to upload a crafted web service and achieve arbitrary co...
CVE-2010-2103
CVE-2010-2103: The Apache Axis2/Java administration console (axis2-admin/engagingglobally) is vulnerable to cross-site scripting via the modules parameter. Affected: Axis2/Java 1.4.1, 1.5.1 (and possibly other versions) used in SAP Business Objects 12, 3Com IMC, etc. The vulnerability is due to...
CVE-2010-1632
CVE-2010-1632 affects Apache Axis2 (Java) and stems from a failure to properly reject DTDs in SOAP messages. The issue allows a remote attacker to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via a crafted DTD, demonstrated by an entity declaration in a...
CVE-2012-5351
CVE-2012-5351 affects Apache Axis2 and allows remote attackers to bypass authentication by forging a SAML assertion that lacks a Signature element (Signature exclusion attack). This is the same family as CVE-2012-4418 and enables message forgery without proper XML-signature verification. IBM-rela...
CVE-2012-4418
CVE-2012-4418 concerns Apache Axis2 and its XML signature handling. The provided connected material confirms that this vulnerability arises from the failure to properly verify signed XML messages, allowing an attacker to craft messages that bypass authentication via an XML Signature wrapping atta...
CVE-2012-5785
CVE-2012-5785 concerns Apache Axis2/Java where server hostname verification against the certificate CN/SubjectAltName is not performed, enabling MITM spoofing with any valid certificate. Connected documents confirm multiple IBM advisories and IBM BPM/TDI/IMS products affected by this Axis2 SSL is...