Signature Detail
Short Name |
HTTP:APACHE:AXIS-SOAP-DOS |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Axis Multiple Vendor SOAP Arrays Denial of Service |
Release Date |
2012/05/10 |
Update Number |
2134 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache Axis Multiple Vendor SOAP Arrays Denial of Service
This signature detects attempts to exploit a known vulnerability against multiple vendors using Apache Axis. A successful attack can result in a denial-of-service condition.
Extended Description
A problem has been identified in several different SOAP servers when handling certain types of requests. Because of this, it is possible for an attacker to force a denial of service on systems using a vulnerable implementation. This BID will be updated as further details regarding this vulnerability are made public.
Affected Products
- Macromedia ColdFusion MX 6.0.0
- Macromedia ColdFusion MX 6.1.0
- Macromedia ColdFusion MX J2EE 6.0.0
- Macromedia ColdFusion MX J2EE 6.1.0
- Macromedia JRun 4.0.0
- Macromedia JRun 4.0.0 build 61650
- Macromedia JRun 4.0.0 SP1
- Macromedia JRun 4.0.0 SP1a
- Sun ONE Application Server 7.0.0 Platform Edition
- Sun ONE Application Server 7.0.0 Standard Edition
- Sun ONE Application Server 7.0.0 UR1 Platform Edition
- Sun ONE Application Server 7.0.0 UR1 Standard Edition
- Sun ONE Application Server 7.0.0 UR2 Platform Edition
- Sun ONE Application Server 7.0.0 UR2 Standard Edition
- Sun ONE Application Server 7.0.0 UR2 Upgrade Platform
- Sun ONE Application Server 7.0.0 UR2 Upgrade Standard
References
- BugTraq: 9877
- CVE: CVE-2004-1815