CVE-2010-2076

Severity: Critical
Year: 2010
CVSS v3 Score: 9.8 (Critical)
CVSS v2 Score: 7.5 (High)

Vulnerability Description

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modif...

CVSS:9.8(Critical)

PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMV...

CVSS:9.8(Critical)

Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability

CVSS:9.8(Critical)

A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.

CVSS:9.8(Critical)

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious applicatio...

CVSS:9.8(Critical)

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.