CVE-2010-0219

Currently unrated

Key Information:

Vendor
Apache
Status
Axis2
Businessobjects
Vendor
CVE Published:
18 October 2010

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 97%

Summary

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2010-0219
Created by Rapid7

References

http://secunia.com/advisories/41799
third-party-advisoryx_refsource_SECUNIA
https://kb.juniper.net/KB27373
x_refsource_CONFIRM
http://retrogod.altervista.org/9sg_ca_d2d.html
x_refsource_MISC

EPSS Score

97% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.