CVE-2010-0219 Scanner
Detects 'Default Admin Password' vulnerability in Apache Software Foundation Axis2 affects v. 2.1.3 to 2.1.6.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
30 days
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
Axis2 is an open-source software developed by the Apache Foundation for the deployment and management of web services. It is a flexible, extensible, and scalable platform that supports both SOAP and RESTful web services. Axis2 provides a wide range of features and components, including message-level security, data binding, and transport/payload optimizations, making it a popular choice for enterprise-level web services.
The CVE-2010-0219 vulnerability is a remote code execution vulnerability that affects the default installation of Apache Axis2. The vulnerability arises from the existence of a default, hardcoded password 'axis2' for the admin account in the software. This makes it possible for remote attackers to access and upload a crafted web service that executes arbitrary code. This vulnerability affects many products that use Axis2, such as SAP BusinessObjects Enterprise XI 3.2 and CA ARCserve D2D r15.
Exploiting this vulnerability can lead to serious consequences as attackers can access sensitive data, compromise the confidentiality, integrity, and availability of the system, and even take complete control of the target system. Exploitation of the vulnerability can result in a wide range of attacks, such as data theft, malware distribution, and system compromise. Hence, it is crucial to patch this vulnerability as soon as possible.
Using a vulnerability scanner such as the s4e.io platform can help users detect and discover vulnerabilities in their digital assets quickly and easily. The platform's pro features provide advanced scanning capabilities, such as vulnerability assessment, exploitability analysis, and remediation advice, enabling users to stay ahead of the latest threats and security issues. In conclusion, it is recommended that users take immediate action to mitigate this vulnerability to ensure the protection and security of their digital assets.
REFERENCES
- secunia.com: 41799
- https://kb.juniper.net/KB27373
- http://retrogod.altervista.org/9sg_ca_d2d.html
- osvdb.org: 70233
- exploit-db.com: 15869
- http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
- vupen.com: ADV-2010-2673
- securityfocus.com: 20101014 R7-0037: SAP BusinessObjects Axis2 Default Admin Password
- exchange.xforce.ibmcloud.com: businessobjects-dswsbobje-security-bypass(62523)
- secunia.com: 42763
- http://www.rapid7.com/security-center/advisories/R7-0037.jsp
- kb.cert.org: VU#989719
- securitytracker.com: 1024929
- https://service.sap.com/sap/support/notes/1432881
