CVE-2010-0219

Exploitation Summary

CVE-2010-0219 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 6 public exploits from researchers including rgod, Metasploit, veritas-rt, including a Metasploit module auxiliary/scanner/http/axis_login. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit targets a default credential vulnerability in Computer Associates ARCserve D2D r15's Apache Axis2 web service. It allows arbitrary code execution with SYSTEM privileges by uploading a malicious .aar file via the Axis2 admin interface.

Description

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Exploits (6)

exploitdb WORKING POC VERIFIED

by rgod · textremotewindows

https://www.exploit-db.com/exploits/15869

View Code ZIP pw:eip

This exploit targets a default credential vulnerability in Computer Associates ARCserve D2D r15's Apache Axis2 web service. It allows arbitrary code execution with SYSTEM privileges by uploading a malicious .aar file via the Axis2 admin interface.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Computer Associates ARCserve D2D r15

Auth required

Prerequisites: Network access to port 8014 · Default credentials (admin:axis2)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/16315

View Code ZIP pw:eip

This Metasploit module exploits CVE-2010-0219 by authenticating to an Axis2 Web Admin Module and uploading a malicious JAR file via SOAP to achieve remote code execution. It supports multiple platforms including Java, Windows, and Linux.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Axis2 (including SAP BusinessObjects)

Auth required

Prerequisites: Valid credentials for Axis2 Web Admin Module · Network access to the target service

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/16312

View Code ZIP pw:eip

This Metasploit module exploits CVE-2010-0219 by authenticating to an Axis2 Web Admin Module and uploading a malicious JAR file via REST, achieving remote code execution. It supports multiple platforms (Java, Windows, Linux) and uses a deployed web service to trigger payload execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Axis2 (versions with vulnerable Web Admin Module)

Auth required

Prerequisites: Valid credentials for Axis2 Web Admin Module · Network access to the Axis2 admin interface (typically port 8080)

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by veritas-rt · remote-auth

https://github.com/veritas-rt/CVE-2010-0219

View Code ZIP pw:eip

This exploit targets CVE-2010-0219, an arbitrary file upload vulnerability in Apache Axis2. It authenticates as an admin, uploads a malicious AAR file, and deploys a webshell for remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Axis2 (versions prior to 1.5.1)

Auth required

Prerequisites: Admin credentials for Axis2 admin console · Network access to the target · Malicious AAR file (webshell.aar)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit SCANNER

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/axis_login.rb

View Code ZIP pw:eip

This Metasploit module is a brute-force utility for Apache Axis2 login pages, attempting authentication using provided username and password combinations. It verifies the presence of the login page and systematically tests credentials.

Classification

Scanner 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Apache Axis2 (versions 1.4.1 and 1.6.2)

No auth needed

Prerequisites: Access to the Apache Axis2 login page · List of usernames and passwords for brute-forcing

MITRE ATT&CK

T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocjava

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/axis2_deployer.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated code execution vulnerability in Axis2 and SAP BusinessObjects via SOAP. It uploads a malicious JAR file as a web service and triggers execution through SOAP requests.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Axis2 (versions with CVE-2010-0219), SAP BusinessObjects

Auth required

Prerequisites: Valid credentials for Axis2 admin interface · Network access to target service (typically port 8080)

MITRE ATT&CK