XML Parsing Vulnerability in IBM WebSphere and Related Products
CVE-2010-1632

Currently unrated

Key Information:

Vendor: Apache

Status
Vendor
CVE Published: 22 June 2010

What is CVE-2010-1632?

This vulnerability in Apache Axis2 and related products allows an attacker to send crafted SOAP messages containing malicious Document Type Definitions (DTDs) to a vulnerable configuration. The result can be unauthorized file access, requests to internal servers, or denial of service through excessive CPU and memory usage. Exploitation poses a significant risk to the confidentiality, integrity, and availability of affected systems, so the specified products need timely updates and configuration reviews.

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
