CVE-2010-0219

EXPLOITED NUCLEI

Apache Axis2 - Credentials Management

Title source: rule

Description

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Exploits (6)

exploitdb WORKING POC VERIFIED
by rgod · textremotewindows
https://www.exploit-db.com/exploits/15869
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16315
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16312
nomisec WORKING POC 2 stars
by veritas-rt · remote-auth
https://github.com/veritas-rt/CVE-2010-0219
metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/axis_login.rb
metasploit WORKING POC EXCELLENT
rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/axis2_deployer.rb

Nuclei Templates (1)

Apache Axis2 Default Login
CRITICALby pikpikcu
Shodan: http.html:"Apache Axis" || http.html:"apache axis"
FOFA: body="apache axis"

References (14)

Scores

EPSS 0.9342
EPSS Percentile 99.8%

Details

VulnCheck KEV 2023-11-15
CWE
CWE-255
Status published
Products (8)
apache/axis2 1.3
apache/axis2 1.4
apache/axis2 1.4.1
apache/axis2 1.5
apache/axis2 1.5.1
apache/axis2 1.5.2
apache/axis2 1.6
sap/businessobjects 3.2
Published Oct 18, 2010
Tracked Since Feb 18, 2026