CVE-2010-2103

Publication date 27 May 2010

Last updated 24 July 2024

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
axis	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	11.10 oneiric	Not affected
	11.04 natty	Ignored
	10.10 maverick	Ignored
	10.04 LTS lucid	Not affected
	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

this is axis2, not the axis source package in Debian/ubuntu

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2103