CVE: CVE-2010-2076

Export to Word

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

S10 – Denial of Service

EPSS

Score: 0.07827
Percentile: 0.91557

CVSS Scoring

CVSS v3.1 Score: 9.8

Severity: CRITICAL

Mapped CWE(s)

CWE-829 : Inclusion of Functionality from Untrusted Control Sphere

All CAPEC(s)

CAPEC-175: Code Inclusion
CAPEC-201: Serialized Data External Linking
CAPEC-228: DTD Injection
CAPEC-251: Local Code Inclusion
CAPEC-252: PHP Local File Inclusion
CAPEC-253: Remote Code Inclusion
CAPEC-263: Force Use of Corrupted Files
CAPEC-538: Open-Source Library Manipulation
CAPEC-549: Local Execution of Code
CAPEC-640: Inclusion of Code in Existing Process
CAPEC-660: Root/Jailbreak Detection Evasion via Hooking
CAPEC-695: Repo Jacking
CAPEC-698: Install Malicious Extension

CAPEC(s) with Mapped TTPs

CAPEC-251: Local Code Inclusion
Mapped TTPs:
- T1055 : Process Injection
CAPEC-538: Open-Source Library Manipulation
Mapped TTPs:
- T1195.001 : Compromise Software Dependencies and Development Tools
CAPEC-640: Inclusion of Code in Existing Process
Mapped TTPs:
- T1505.005 : Terminal Services DLL
- T1574.006 : Dynamic Linker Hijacking
- T1574.013 : KernelCallbackTable
- T1620 : Reflective Code Loading
CAPEC-660: Root/Jailbreak Detection Evasion via Hooking
Mapped TTPs:
- T1055 : Process Injection
CAPEC-695: Repo Jacking
Mapped TTPs:
- T1195.001 : Compromise Software Dependencies and Development Tools
CAPEC-698: Install Malicious Extension
Mapped TTPs:
- T1176 : Software Extensions
- T1505.004 : IIS Components

Mapped ATT&CK TTPs

T1055 : Process Injection
Kill Chain: defense-evasion
T1195.001 : Compromise Software Dependencies and Development Tools
Kill Chain: initial-access
T1505.005 : Terminal Services DLL
Kill Chain: persistence
T1574.006 : Dynamic Linker Hijacking
Kill Chain: persistence
T1574.013 : KernelCallbackTable
Kill Chain: persistence
T1620 : Reflective Code Loading
Kill Chain: defense-evasion
T1055 : Process Injection
Kill Chain: defense-evasion
T1195.001 : Compromise Software Dependencies and Development Tools
Kill Chain: initial-access
T1176 : Software Extensions
Kill Chain: persistence
T1505.004 : IIS Components
Kill Chain: persistence

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
ArcaneDoor
2015 Ukraine Electric Power Attack
Operation Dream Job
Operation Sharpshooter
Cutting Edge

Affected Products

cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*

← Back to Home