mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
{
|
|
"id": "CVE-2010-2076",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2010-08-19T18:00:02.937",
|
|
"lastModified": "2023-02-13T04:20:24.667",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Apache CXF v2.0.x anterior a v2.0.13, v2.1.x anterior a v2.1.10, y v2.2.x anterior a v2.2.9, utilizado en Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, y otros productos, no rechaza correctamente DTDs en los mensajes SOAP, lo que permite a atacantes remotos leer ficheros de su elecci\u00f3n, enviar peticiones HTTP a servidores de la intranet, o provocar una denegaci\u00f3n de servicio (consumo de CPU y memoria) a trav\u00e9s de un DTD manipulado, como se ha demostrado mediante una declaraci\u00f3n de entidad en una petici\u00f3n a samples/wsdl_first_pure_xml, un caso similar a CVE-2010-1632."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0885C0F6-9BD6-41C8-9907-42B587C595E5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0:m1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "92EDF782-EABA-4C3B-9D8B-3CFEECF2DB37"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0:rc:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D24BC490-54F5-4917-96D0-08346439553C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5ED13439-5816-43E4-A01C-814AF738DE6A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A9B5C447-AC5D-4614-9A1F-19F4FA039250"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3F722B13-E65E-4422-BEA9-351968392CC6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6CC84848-F274-4A22-80CC-77D4D5940C7B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F9F2A570-DC7E-45B7-A6C4-9374E61CF987"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AAE1F63B-6B8F-4A5D-9CA8-DC9A0AD7176C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "65A204FF-25A9-49E2-B68C-1B0C8CF734EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ACB51464-5D1D-4039-BC26-899DEB514A33"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "98E536EA-CA49-4FB6-8B45-6D5F21C40EF9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CED5E4B5-A549-4395-8B89-F1359EF08180"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5773960B-C837-4C14-9940-17A36A1AB162"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.0.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "475C50DA-5B27-4E4D-8AB1-57312C3098B2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B881074E-454E-4901-954E-CB274D0BFBC5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "54B135D6-80DD-445C-BE1B-1F76CA5E1FF8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8F6AE706-649A-4356-AE7C-3E4FA22C356C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "15D13FB9-C02D-40DE-95D2-98436D12160D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3928457A-A7C0-461C-932E-D5859D9C8AE9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "42C1FAAC-7477-411E-A6B0-C6D87408FBC2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "189BD90D-134D-47CB-A58D-0489799922AA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "78F2E474-0DEC-491E-8B09-653FA13D8DC4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D673D970-822A-4ACE-AE90-083D8503F511"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.1.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FC734E79-4DB6-43CB-B175-480AAD853F4D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D13273D8-6149-44F2-87C5-E5D56A5F8D63"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6A089BE2-453E-4396-8FFA-258380FF61CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C9435423-6405-49AC-A707-9788E28FC645"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "673AABB0-5B0F-413E-9403-63924D943F36"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7A414C9A-746D-4D86-8FF7-B0220CE83937"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F077D040-9BE9-44FC-8D9C-8A356386872D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "212F3EE3-079E-400C-B45D-4DCE2A6DC95D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5A2368FA-6978-49C3-9F61-9502C660D33B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:2.2.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "15301546-786F-4FE5-9965-1F67E5F20BA8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://geronimo.apache.org/21x-security-report.html",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://geronimo.apache.org/22x-security-report.html",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/42492",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://issues.apache.org/jira/browse/GERONIMO-5383",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
}
|
|
]
|
|
} |