CVE-2010-1632
high
CVSS v3
-
CVSS v4
-
VIR risk
7.5
Description
Improper Input Validation in Apache Axis2
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.axis2.wso2:axis2 | <1.5.2 | 1.5.2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | websphere_application_server | 7.0 | |
| ibm | websphere_application_server | 7.0.0.1 | |
| ibm | websphere_application_server | 7.0.0.2 | |
| ibm | websphere_application_server | 7.0.0.3 | |
| ibm | websphere_application_server | 7.0.0.4 | |
| ibm | websphere_application_server | 7.0.0.5 | |
| ibm | websphere_application_server | 7.0.0.6 | |
| ibm | websphere_application_server | 7.0.0.7 | |
| ibm | websphere_application_server | 7.0.0.8 | |
| ibm | websphere_application_server | 7.0.0.9 | |
| ibm | websphere_application_server | 7.0.0.10 | |
| ibm | websphere_application_server | 7.0.0.11 | |
| ibm | websphere_application_server | 7.0.0.12 | |
| apache | axis2 | <=1.5.1 | |
| apache | axis2 | 1.3 | |
| apache | axis2 | 1.4 | |
| apache | axis2 | 1.4.1 | |
| apache | axis2 | 1.5 | |
| apache | geronimo | | |
| apache | orchestration_director_engine | | |
| apache | synapse | | |
| apache | tuscany | | |
References
- http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html
- http://geronimo.apache.org/21x-security-report.html
- http://geronimo.apache.org/22x-security-report.html
- http://markmail.org/message/e4yiij7lfexastvl
- http://secunia.com/advisories/40252
- http://secunia.com/advisories/40279
- http://secunia.com/advisories/41016
- http://secunia.com/advisories/41025
- http://www-01.ibm.com/support/docview.wss?uid=swg21433581
- http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765
- http://www-1.ibm.com/support/docview.wss?uid=swg1PM14844
- http://www-1.ibm.com/support/docview.wss?uid=swg1PM14847
- http://www.securitytracker.com/id/1036901
- http://www.vupen.com/english/advisories/2010/1528
- http://www.vupen.com/english/advisories/2010/1531
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289984
- https://issues.apache.org/jira/browse/AXIS2-4450
- https://issues.apache.org/jira/browse/GERONIMO-5383
- https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
- https://nvd.nist.gov/vuln/detail/CVE-2010-1632
CWEs
CWE-20