CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 1CVE-2012-5785
https://notcve.org/view.php?id=CVE-2012-5785
04 Nov 2012 — Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Apache Axis2/Java v1.6.2 y anteriores, no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-th... • http://secunia.com/advisories/51219 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 97%CPEs: 8EXPL: 8CVE-2010-0219 – Axis2 - (Authenticated) Code Execution (via REST)
https://notcve.org/view.php?id=CVE-2010-0219
18 Oct 2010 — Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. Axis2 de Apache, tal y como es usado en dswsbobje.war en SAP BusinessObjects Enterprise XI versión 3.2, CA ARCserve D2D r15 y otros productos, tiene una contraseña por defecto de axis2 para la cuenta de administrador, lo que facil... • https://packetstorm.news/files/id/181058 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 42EXPL: 0CVE-2010-1632 – HP Security Bulletin HPSBHF03655 1
https://notcve.org/view.php?id=CVE-2010-1632
22 Jun 2010 — Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrate... • http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 5CVE-2010-2103 – Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2103
27 May 2010 — Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en axis2-admin/axis2-adm... • https://www.exploit-db.com/exploits/12689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •