Nupur created AXIS2-5846:
----------------------------
Summary: Local file inclusion vulnerability in Axis2
Key: AXIS2-5846
URL: https://issues.apache.org/jira/browse/AXIS2-5846
Project: Axis2
Issue Type: Bug
Affects Versions: 1.6.2
Reporter: Nupur
Defect CSCvd86595: Local file inclusion vulnerability in Axis2
A defect has been raised on Present PCP 7.3 axis version
There is a Local File Inclusion (LFI) present in the Axis2 service. It
allows the attacker to view certain files that would normally be
inaccessible. This is a violation of PSB requirement SEC-SUP-PATCH because this
is a publicly disclosed vulnerability with a patch.
Security impact: Some of the files that are accessible via this LFI contain
the username and password to the Axis2 admin interface. While the admin
interface appears to be disabled currently, if it was ever enabled or an
attacker found a way to access it, they would gain admin access to the Axis2
system.
In addition, this vulnerability is publicly known, which makes it more likely
to be exploited by an attacker.