Yana Poliashenko created AXIS2-5689:
---------------------------------------

             Summary: A Veracode security scan reports multiple severity 4 security flaws in axis2.jar
                 Key: AXIS2-5689
                 URL: https://issues.apache.org/jira/browse/AXIS2-5689
             Project: Axis2
          Issue Type: Bug
    Affects Versions: 1.6.2
            Reporter: Yana Poliashenko
            Priority: Critical


A Veracode security scan reports multiple severity 4 security flaws in 
axis2.jar.

        
Information Exposure Through an Error Message   axis2.war   HappyAxis.jsp: 146

Session Fixation   axis2.war   viewphases.jsp: 27

Information Exposure Through an Error Message   axis2.war   error.jsp: 28

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)   axis2.war   ServiceParaEdit.jsp: 116

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)   axis2.war   disengage.jsp: 21

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)   axis2.war   deleteService.jsp: 21

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)   axis2.war   HappyAxis.jsp: 449

Information Exposure Through an Error Message   axis2.war   viewServiceGroupContext.jsp: 41

Information Exposure Through an Error Message   axis2.war   HappyAxis.jsp: 449

Information Exposure Through an Error Message   axis2.war   upload.jsp: 49

Information Exposure Through an Error Message   axis2.war   viewServiceContext.jsp: 39

Information Exposure Through Sent Data   axis2.war   HappyAxis.jsp: 493

Information Exposure Through Sent Data   axis2.war   HappyAxis.jsp: 494

Session Fixation   axis2.war   AdminAgent.java: 628   1   Open   none



