CVE-2010-2076

CRITICAL

Apache CXF 2.0.6-2.0.12, 2.1.x < 2.1.10, 2.2.x < 2.2.9 - XML External Entity Injection via SOAP DTD Processing

Title source: llm

Description

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

References (16)

Core References
http://www.securityfocus.com/bid/42492 (Broken Link, Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf (Exploit, Vendor Advisory; x_refsource_confirm)
http://secunia.com/advisories/41025 (Broken Link, Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://geronimo.apache.org/22x-security-report.html (Release Notes, Vendor Advisory; x_refsource_confirm)
http://secunia.com/advisories/41016 (Broken Link, Vendor Advisory; third-party-advisory; x_refsource_secunia)
https://issues.apache.org/jira/browse/GERONIMO-5383 (Third Party Advisory; x_refsource_confirm)
http://geronimo.apache.org/21x-security-report.html (Release Notes, Vendor Advisory; x_refsource_confirm)
http://secunia.com/advisories/40969 (Broken Link, Vendor Advisory; third-party-advisory; x_refsource_secunia)

Scores

CVSS v3 9.8
EPSS 0.0979
EPSS Percentile 94.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-829
Status published
Products (2)
apache/cxf 2.0.6 - 2.0.13
org.apache.cxf/cxf-rt-frontend-jaxrs 2.0.0 - 2.0.13 (Maven)
Published Aug 19, 2010
Tracked Since Feb 18, 2026