CVE-2010-2103: Improper Neutralization of Input During Web Page Generation in Apache Axis2
CVSS Score: 4.3
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.95456%
CWE
Published: 5/14/2022
Updated: 1/27/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.apache.axis2.wso2:axis2 | maven | >= 1.4.1, < 1.6.0 | 1.6.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability manifests in the module engagement handler of Axis2's admin console, where the user-controlled 'modules' parameter is reflected unsanitized. The exploit URL structure and third-party advisories indicate that the XSS occurs in the engagingglobally endpoint processing, which maps to a servlet's doGet method handling HTTP parameters. While no direct patch is shown, the universal XSS mitigation pattern requires adding output encoding at the response generation point in this handler.