CVE-2010-2076 Information
Description
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml; a similar issue to CVE-2010-1632.
References
http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
http://geronimo.apache.org/21x-security-report.html
http://geronimo.apache.org/22x-security-report.html
http://secunia.com/advisories/40969
http://secunia.com/advisories/41016
http://secunia.com/advisories/41025
http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html
http://www.securityfocus.com/bid/42492
https://issues.apache.org/jira/browse/GERONIMO-5383
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@3Ccommits.cxf.apache.org3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@3Ccommits.cxf.apache.org3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@3Ccommits.cxf.apache.org3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@3Ccommits.cxf.apache.org3E