svn commit: r958346 - in /axis/axis2/java/core/security: CVE-2010-1632.docx advisory-cve-2010-1632/ advisory-cve-2010-1632/pom.xml advisory-cve-2010-1632/src/ advisory-cve-2010-1632/src/docbkx/ adviso

2010-06-27 Thread veithen
Author: veithen
Date: Sun Jun 27 07:51:38 2010
New Revision: 958346

URL: http://svn.apache.org/viewvc?rev=958346&view=rev
Log:
CVE-2010-1632: Converted the advisory document to Docbook (instead of MS Word).

Added:
axis/axis2/java/core/security/advisory-cve-2010-1632/   (with props)
axis/axis2/java/core/security/advisory-cve-2010-1632/pom.xml   (with props)
axis/axis2/java/core/security/advisory-cve-2010-1632/src/
axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/

axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml   (with props)
Removed:
axis/axis2/java/core/security/CVE-2010-1632.docx

Propchange: axis/axis2/java/core/security/advisory-cve-2010-1632/
--
--- svn:ignore (added)
+++ svn:ignore Sun Jun 27 07:51:38 2010
@@ -0,0 +1 @@
+target

Added: axis/axis2/java/core/security/advisory-cve-2010-1632/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/security/advisory-cve-2010-1632/pom.xml?rev=958346&view=auto
==
--- axis/axis2/java/core/security/advisory-cve-2010-1632/pom.xml (added)
+++ axis/axis2/java/core/security/advisory-cve-2010-1632/pom.xml Sun Jun 27 07:51:38 2010
@@ -0,0 +1,62 @@
+
+
+http://maven.apache.org/POM/4.0.0"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/maven-v4_0_0.xsd";>
+4.0.0
+
+org.apache
+apache
+7
+
+org.apache.axis2
+advisory-cve-2010-1632
+1
+Axis2 Security Advisory CVE-2010-1632
+pom
+
+
+
+com.agilejava.docbkx
+docbkx-maven-plugin
+2.0.10
+
+
+
+generate-pdf
+
+compile
+
+CVE-2010-1632.xml
+1
+
+
+
+
+
+org.docbook
+docbook-xml
+4.4
+runtime
+
+
+
+
+
+
\ No newline at end of file
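Review bot: the file is committed without a trailing newline (the '\ No newline at end of file' marker at the end of the hunk); add one so later diffs stay clean now that svn:eol-style=native is set. Also, this build pulls in org.docbook:docbook-xml 4.4 at runtime scope, which is what should let docbkx-maven-plugin resolve the DocBook DTD locally; confirm that the generate-pdf execution does not fetch http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd over the network at build time, since the document this pom renders is itself an advisory about parsers that resolve external DTDs.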

Propchange: axis/axis2/java/core/security/advisory-cve-2010-1632/pom.xml
--
svn:eol-style = native

Added: axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml?rev=958346&view=auto
==
--- axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml (added)
+++ axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml Sun Jun 27 07:51:38 2010
@@ -0,0 +1,479 @@
+
+http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd";>
+
+
+
+Apache Axis2 Security Advisory (CVE-2010-1632)
+HTTP binding (REST) enables DTD based XML attacks
+
+Andreas
+Veithen
+veit...@apache.org
+
+First version: May 16, 2010 • First published: June 13, 
2010 • Last updated: June 13, 2010
+
+
+Description
+
+According to the SOAP 1.1 specification, A SOAP message 
MUST NOT contain a
+Document Type Declaration. In Axis2, this constraint is 
enforced by the
+StAXSOAPModelBuilder class, which is part 
of Axiom. This
+approach presents two issues:
+
+
+
+
+It only works for SOAP bindings. HTTP bindings supporting 
plain XML messages
+still allow document type declarations in request messages.
+
+
+
+
+When processing a document with a document type 
declaration,
+StAXSOAPModelBuilder only reports 
an error after
+receiving the DTD event from the StAX parser. However, at 
this point,
+the StAX parser may already have processed (part of) the 
document type declaration.
+
+
+
+
+This implies that Axis2 is vulnerable to DTD based XML attacks. 
There are two types of such attacks:
+
+
+
+
+Document type declarations may reference other documents, 
namely a DTD or
+external entities declared in the internal subset. If the 
XML parser is
+configured with a de
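Review bot: the Description quotes the SOAP 1.1 constraint ('A SOAP message MUST NOT contain a Document Type Declaration') with the capital 'A' left mid-sentence; mark it as a quotation or lowercase it. On substance, the second bullet is the one that matters and deserves a stronger conclusion: because StAXSOAPModelBuilder only sees the DTD event after the StAX parser has already consumed (part of) the document type declaration, rejecting the DTD event in the builder cannot be the fix, so the advisory should say explicitly that the mitigation has to be applied in the parser configuration, before any declaration is processed, and that it must cover the plain-XML (REST) bindings as well as SOAP. Minor: 'DTD based' in the subtitle should be hyphenated ('DTD-based') to match the prose.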

svn commit: r958350 - in /axis/axis2/java/core/security: CVE-2010-1632.pdf advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml

2010-06-27 Thread veithen
Author: veithen
Date: Sun Jun 27 08:39:37 2010
New Revision: 958350

URL: http://svn.apache.org/viewvc?rev=958350&view=rev
Log:
CVE-2010-1632: Updated the advisory with current information about vulnerable 
products and third party references.

Modified:
axis/axis2/java/core/security/CVE-2010-1632.pdf
axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml

Modified: axis/axis2/java/core/security/CVE-2010-1632.pdf
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/security/CVE-2010-1632.pdf?rev=958350&r1=958349&r2=958350&view=diff
==
Binary files - no diff available.

Modified: axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml?rev=958350&r1=958349&r2=958350&view=diff
==
--- axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml (original)
+++ axis/axis2/java/core/security/advisory-cve-2010-1632/src/docbkx/CVE-2010-1632.xml Sun Jun 27 08:39:37 2010
@@ -27,7 +27,7 @@
 Veithen
 veit...@apache.org
 
-First version: May 16, 2010 • First published: June 13, 
2010 • Last updated: June 13, 2010
+First version: May 16, 2010 • First published: June 13, 
2010 • Last updated: June 27, 2010
 
 
 Description
@@ -134,17 +134,51 @@
 
 Other products
 
-Axis2 is used in (or as the basis for) other products. This 
includes the Synapse,
-ODE, Tuscany and Geronimo projects from the ASF, as well as 
several commercial
-products. It is likely that these products are vulnerable as 
well.
+Axis2 is used in (or as the basis for) other Open Source 
projects and
+commercial products. It is likely that these products are 
vulnerable as well.
+At the time of writing, the following information is available:
 
+
+
+
+Axis2 is used by the Synapse, ODE, Tuscany and 
Geronimo projects
+from the ASF and it is expected that all these 
projects are
+vulnerable.
+
+
+
+
+Axis2 is used as the JAX-WS implementation in 
WebSphere Application
+Server 7.0 and in the Feature Pack for Web Services 
for WAS 6.1.
+Both are vulnerable. See
+http://www-01.ibm.com/support/docview.wss?uid=swg21433581"/>
+for details about the affected versions.
+
+
+
 
 It is possible that Web service frameworks other than Axis2 
are affected by
-similar vulnerabilities.
+similar vulnerabilities. At the time of writing, the following 
information
+is available:
 
+
+
+
+Axis 1.4 is not vulnerable and immediately rejects any 
request
+containing a DOCTYPE declaration.
+
+
+
+
+A similar vulnerability exists in Apache CXF. Please 
refer to
+CVE-2010-2076 for more details.
+
+
+
 
-The exploits described in  may be 
used to check
-whether a given product is vulnerable.
+For projects and products not listed above or for which no 
information
+is available, the exploits described in  may be
+used to check for vulnerability.
 
 
 
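Review bot: the statement that Axis 1.4 'immediately rejects any request containing a DOCTYPE declaration' needs the same scrutiny the Description applies to Axis2: rejecting the declaration after the parser has reported it is exactly the pattern found insufficient above, so say where the rejection happens (in the parser, before any DTD processing, or after the fact) and which Axis 1.x versions were actually tested. For the ASF projects (Synapse, ODE, Tuscany, Geronimo) the new text only says it is 'expected' that they are vulnerable; since the exploits section is offered as the way to check, either run them and report the outcome or state plainly that those projects are untested. The IBM reference covers WebSphere 7.0 and the Feature Pack for WAS 6.1; it would help readers to repeat the affected version range inline rather than only behind the link.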
@@ -466,6 +500,31 @@ expected a '<' to start a directive
 initially described in JIRA report
 AXIS2-4450https://issues.apache.org/jira/browse/AXIS2-4450"/>.
 
+
+The issue is tracked by third parties with the following 
references:
+
+
+
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1632";>CVE-2010-1632
+
+
+
+
+http://secunia.com/advisories/40252";>Secunia 
Advisory SA40252
+
+
+
+
+http://www.vupen.com/english/advisories/2010/1528";>VUPEN/ADV-2010-1528
+
+
+
+
+https://bugzilla.redhat.com/show_bug.cgi?id=607118";>Re
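Review bot: the new third-party references paragraph follows the JIRA citation but does not say which Axis2 release contains the fix; readers arriving from the Secunia, VUPEN or Red Hat entries will look here for the fixed version first, so put it next to these references or point to the section of the advisory that gives it.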

svn commit: r958361 - /axis/axis2/java/core/branches/java/1_5/modules/parent/pom.xml

2010-06-27 Thread veithen
Author: veithen
Date: Sun Jun 27 10:56:46 2010
New Revision: 958361

URL: http://svn.apache.org/viewvc?rev=958361&view=rev
Log:
Redirect apache.snapshots to the new (Nexus) snapshot repository so that Maven 
can download Axiom snapshots.

Modified:
axis/axis2/java/core/branches/java/1_5/modules/parent/pom.xml

Modified: axis/axis2/java/core/branches/java/1_5/modules/parent/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/branches/java/1_5/modules/parent/pom.xml?rev=958361&r1=958360&r2=958361&view=diff
==
--- axis/axis2/java/core/branches/java/1_5/modules/parent/pom.xml (original)
+++ axis/axis2/java/core/branches/java/1_5/modules/parent/pom.xml Sun Jun 27 10:56:46 2010
@@ -475,6 +475,19 @@
   Checksum policy when not specified always defaults to 'warn'
   which is what we want.
-->
+
+
+apache.snapshots
+Apache Snapshot Repository
+http://repository.apache.org/snapshots
+
+false
+
+
 
 
 true
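Review bot: the added apache.snapshots repository points at http://repository.apache.org/snapshots over plain http, and the comment directly above this hunk says the checksum policy defaults to 'warn'. For a branch whose next release carries a security fix, that means Axiom snapshot artifacts are fetched unauthenticated and a checksum mismatch only logs a warning; set checksumPolicy to fail for this repository and use https if the server supports it. The 'false' entry should be the releases-enabled flag (snapshot repositories must not serve releases); double-check it is not the snapshots flag, or the repository will be declared but never used.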




svn commit: r958375 - in /axis/axis2/java/core/branches/java/1_5: ./ modules/adb-codegen/ modules/adb/ modules/addressing/ modules/clustering/ modules/codegen/ modules/corba/ modules/fastinfoset/ modu

2010-06-27 Thread veithen
Author: veithen
Date: Sun Jun 27 12:26:12 2010
New Revision: 958375

URL: http://svn.apache.org/viewvc?rev=958375&view=rev
Log:
AXIS2-3290: Merged r904780 to the 1.5 branch, so that people who build the 
branch with maven.test.skip=true stop complaining about build failures.

Modified:
axis/axis2/java/core/branches/java/1_5/   (props changed)
axis/axis2/java/core/branches/java/1_5/modules/adb-codegen/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/adb/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/addressing/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/clustering/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/codegen/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/corba/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/fastinfoset/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/integration/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/java2wsdl/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/jaxbri/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/jaxws-integration/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/jaxws-mar/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/jaxws/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/jibx/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/json/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/kernel/pom.xml

axis/axis2/java/core/branches/java/1_5/modules/kernel/src/org/apache/axis2/transport/http/util/QueryStringParser.java   (props changed)
axis/axis2/java/core/branches/java/1_5/modules/kernel/test/org/apache/axis2/transport/http/util/QueryStringParserTest.java   (props changed)
axis/axis2/java/core/branches/java/1_5/modules/metadata/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/mex/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/mtompolicy-mar/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/mtompolicy/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/parent/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/ping/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/saaj/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/samples/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/scripting/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/tool/axis2-java2wsdl-maven-plugin/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/tool/axis2-wsdl2code-maven-plugin/pom.xml
axis/axis2/java/core/branches/java/1_5/modules/transport/http/pom.xml   (props changed)
axis/axis2/java/core/branches/java/1_5/modules/transport/http/src/   (props changed)
axis/axis2/java/core/branches/java/1_5/modules/transport/local/   (props changed)
axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/java/org/apache/axis2/webapp/AdminAgent.java   (props changed)
axis/axis2/java/core/branches/java/1_5/modules/webapp/src/main/java/org/apache/axis2/webapp/AxisAdminServlet.java   (props changed)
axis/axis2/java/core/branches/java/1_5/modules/xmlbeans/pom.xml

Propchange: axis/axis2/java/core/branches/java/1_5/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sun Jun 27 12:26:12 2010
@@ -1,2 +1,2 @@
 /axis/axis2/java/core/trunk:944347,944915,951385
-/webservices/axis2/trunk/java:732924,732927,732939,733776,741873,748761,754458,754467,754503,757151-757153,759488,759507,759878,759968,761025,761044,761709,761770,761952,763148,765102,771051,801630,803725,834058
+/webservices/axis2/trunk/java:732924,732927,732939,733776,741873,748761,754458,754467,754503,757151-757153,759488,759507,759878,759968,761025,761044,761709,761770,761952,763148,765102,771051,801630,803725,834058,904780

Modified: axis/axis2/java/core/branches/java/1_5/modules/adb-codegen/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/core/branches/java/1_5/modules/adb-codegen/pom.xml?rev=958375&r1=958374&r2=958375&view=diff
==
--- axis/axis2/java/core/branches/java/1_5/modules/adb-codegen/pom.xml (original)
+++ axis/axis2/java/core/branches/java/1_5/modules/adb-codegen/pom.xml Sun Jun 27 12:26:12 2010
@@ -83,7 +83,6 @@
 maven-surefire-plugin
 true
 
-false
 
 **/*Abstract*.java
 **/*Util*.java
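Review bot: dropping the hard-coded 'false' from the maven-surefire-plugin configuration is consistent with the log message (a literal value in the POM overrides -Dmaven.test.skip=true given on the command line), but the 'true' line left just above it in the same configuration block should be checked for the same problem: if it is a hard-coded skip or failure-ignore setting it silently changes what the branch build verifies, which matters on a branch being prepared for a security-fix release.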
@@ -124,7 +123,7 @@
 generate-test-sources
 generate-test-sources
 
-
+
 
 
 

Modified: axis/axis2/java/core/branches/java/1_5/modules/adb/pom.xml
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/core/branches/java/1_5/modules/a

svn commit: r958410 [2/2] - in /axis/axis2/java/rampart/trunk/modules: documentation/src/site/resources/samples/policy/ rampart-integration/src/test/resources/rahas/policy/ rampart-integration/src/tes

2010-06-27 Thread nandana
Modified: axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml?rev=958410&r1=958409&r2=958410&view=diff
==
--- axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml Sun Jun 27 19:05:10 2010
@@ -24,7 +24,7 @@



-   
+   




Modified: axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml?rev=958410&r1=958409&r2=958410&view=diff
==
--- axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml Sun Jun 27 19:05:10 2010
@@ -25,7 +25,7 @@



-   
+   




Modified: axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml?rev=958410&r1=958409&r2=958410&view=diff
==
--- axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml Sun Jun 27 19:05:10 2010
@@ -25,7 +25,7 @@



-   
+   




Modified: axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml?rev=958410&r1=958409&r2=958410&view=diff
==
--- axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml Sun Jun 27 19:05:10 2010
@@ -23,7 +23,7 @@



-   
+   




Modified: axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml?rev=958410&r1=958409&r2=958410&view=diff
==
--- axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml Sun Jun 27 19:05:10 2010
@@ -15,7 +15,7 @@



-   
+