CVE-2010-1632 Information

Description

Apache Axis2 before 1.5.2 as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12 IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32 IBM Feature Pack for Web 2.0 1.0.1.0 Apache Synapse Apache ODE Apache Tuscany Apache Geronimo and other products does not properly reject DTDs in SOAP messages which allows remote attackers to read arbitrary files send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption) via a crafted DTD as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.

Reference

http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://markmail.org/message/e4yiij7lfexastvl http://secunia.com/advisories/40252 http://secunia.com/advisories/40279 http://secunia.com/advisories/41016 http://secunia.com/advisories/41025 http://www.securitytracker.com/id/1036901 http://www.vupen.com/english/advisories/2010/1528 http://www.vupen.com/english/advisories/2010/1531 http://www-01.ibm.com/support/docview.wss?uid=swg21433581 http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765 http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844 http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984 https://issues.apache.org/jira/browse/AXIS2-4450 https://issues.apache.org/jira/browse/GERONIMO-5383 https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf