Executive Summary

Informations
Name CVE-2010-0219 First vendor Publication 2010-10-18
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0219

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 7
Application 1

SAINT Exploits

Description Link
CA ARCserve D2D Axis2 default password More info here
HP Universal CMDB Server Axis2 default password More info here

Open Source Vulnerability Database (OSVDB)

Id Description
68662 SAP BusinessObjects Axis2 dswsbobje.war Module Admin Account Default Password

By default, SAP BusinessObjects's dswsbobje.war module deploys axis2 with a default password. The admin account has a password of axis2 which is publicly known and documented. This allows a remote attacker to execute arbitrary code by uploading a crafted web service.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-02-17 IAVM : 2011-B-0020 - Computer Associates ARCserve Password Security Bypass Vulnerability
Severity : Category I - VMSKEY : V0026075

Snort® IPS/IDS

Date Description
2014-01-10 CA ARCserve Axis2 default credential login attempt
RuleID : 18985 - Revision : 13 - Type : POLICY-OTHER

Nessus® Vulnerability Scanner

Date Description
2010-05-27 Name : The remote web server hosts a web application that uses default credentials.
File : apache_axis2_default_creds.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://retrogod.altervista.org/9sg_ca_d2d.html
http://secunia.com/advisories/41799
http://secunia.com/advisories/42763
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObje...
http://www.exploit-db.com/exploits/15869
http://www.kb.cert.org/vuls/id/989719
http://www.osvdb.org/70233
http://www.rapid7.com/security-center/advisories/R7-0037.jsp
http://www.securityfocus.com/archive/1/514284/100/0/threaded
http://www.securitytracker.com/id?1024929
http://www.vupen.com/english/advisories/2010/2673
https://exchange.xforce.ibmcloud.com/vulnerabilities/62523
https://kb.juniper.net/KB27373
https://service.sap.com/sap/support/notes/1432881
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2024-11-28 23:07:23
  • Multiple Updates
2024-11-28 12:21:00
  • Multiple Updates
2020-05-23 13:16:54
  • Multiple Updates
2020-05-23 00:25:08
  • Multiple Updates
2018-10-11 00:19:46
  • Multiple Updates
2017-08-17 09:22:54
  • Multiple Updates
2016-06-28 18:00:26
  • Multiple Updates
2016-04-26 19:31:24
  • Multiple Updates
2014-02-17 10:53:25
  • Multiple Updates
2014-01-19 21:26:31
  • Multiple Updates
2013-11-11 12:38:35
  • Multiple Updates
2013-05-10 23:16:47
  • Multiple Updates
2013-05-10 13:19:55
  • Multiple Updates