CVE-2010-2076 is a vulnerability in Apache CXF

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

Products Associated with CVE-2010-2076

Want to know whenever a new CVE is published for Apache CXF? stack.watch will email you.

Exploit Probability

EPSS

11.95%

Percentile

93.63%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2010-2076 is a vulnerability in Apache CXFPublished on August 19, 2010

Products Associated with CVE-2010-2076

Exploit Probability

CVE-2010-2076 is a vulnerability in Apache CXF
Published on August 19, 2010