CVSS: 5.9EPSS: 3%CPEs: 1EXPL: 0CVE-2012-6107
https://notcve.org/view.php?id=CVE-2012-6107
29 Sep 2014 — Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Apache Axis2/C no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de u... • http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser • CWE-310: Cryptographic Issues •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 1CVE-2012-5785
https://notcve.org/view.php?id=CVE-2012-5785
04 Nov 2012 — Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Apache Axis2/Java v1.6.2 y anteriores, no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-th... • http://secunia.com/advisories/51219 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2012-4418
https://notcve.org/view.php?id=CVE-2012-4418
09 Oct 2012 — Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." Apache Axis2 permite a atacantes remotos falsificar mensajes y eludir la autenticación a través de un "ataque de envoltorio de firma XML". • http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5351
https://notcve.org/view.php?id=CVE-2012-5351
09 Oct 2012 — Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418. Apache Axis2 permite a atacantes remotos falsificar mensajes y eludir la autenticación a través de una aserción SAML que carece de un elemento Signature, también conocido como un "ataque exclusión de firma", una vulnerabilidad diferente de CVE-2012-4418. • http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 93%CPEs: 8EXPL: 8CVE-2010-0219 – Axis2 - (Authenticated) Code Execution (via REST)
https://notcve.org/view.php?id=CVE-2010-0219
18 Oct 2010 — Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. Axis2 de Apache, tal y como es usado en dswsbobje.war en SAP BusinessObjects Enterprise XI versión 3.2, CA ARCserve D2D r15 y otros productos, tiene una contraseña por defecto de axis2 para la cuenta de administrador, lo que facil... • https://packetstorm.news/files/id/181058 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 6%CPEs: 42EXPL: 0CVE-2010-1632 – HP Security Bulletin HPSBHF03655 1
https://notcve.org/view.php?id=CVE-2010-1632
22 Jun 2010 — Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrate... • http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 17%CPEs: 6EXPL: 5CVE-2010-2103 – Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2103
27 May 2010 — Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en axis2-admin/axis2-adm... • https://www.exploit-db.com/exploits/12689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •