CVE-2010-0219

EXPLOITED NUCLEI

Apache Axis2 - Credentials Management

Title source: rule

Description

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Exploits (6)

nomisec WORKING POC 2 stars
by veritas-rt · remote-auth
https://github.com/veritas-rt/CVE-2010-0219
metasploit WORKING POC EXCELLENT
rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/axis2_deployer.rb
metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/axis_login.rb
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16315
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16312
exploitdb WORKING POC VERIFIED
by rgod · textremotewindows
https://www.exploit-db.com/exploits/15869

Nuclei Templates (1)

Apache Axis2 Default Login
CRITICALby pikpikcu
Shodan: http.html:"Apache Axis" || http.html:"apache axis"
FOFA: body="apache axis"

References (14)

Scores

EPSS 0.9342
EPSS Percentile 99.8%

Exploitation Intel

VulnCheck KEV 2023-11-15

Classification

CWE
CWE-255
Status draft

Affected Products (8)

apache/axis2
apache/axis2
apache/axis2
apache/axis2
apache/axis2
apache/axis2
apache/axis2
sap/businessobjects

Timeline

Published Oct 18, 2010
Tracked Since Feb 18, 2026