[ 
https://issues.apache.org/jira/browse/AXIS2-5846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15976208#comment-15976208
 ] 

Nupur commented on AXIS2-5846:
------------------------------

I am using axis2 1.6.2, is this vulnerability was not fixed in that version, 
can you suggest me some workaround if I do not want to update my version.
Or I have to update the version to fix it?

> Local file inclusion vulnerability in Axis2
> -------------------------------------------
>
>                 Key: AXIS2-5846
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5846
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Nupur
>
> Defect CSCvd86595: Local file inclusion vulnerability in Axis2 
> An defect has been raised on Present PCP 7.3 axis version 
> *There is a Local File Inclusion (LFI) present in the Axis2 service. It 
>   allows the attacker to view certain files that would normally be 
> inaccessible. This is a violation of PSB requirement SEC-SUP-PATCH because 
> this is a publicly disclosed vulnerability with a patch. 
> *security impact: Some of the files that are accessible via this LFI contain 
> the username and password to the Axis2 admin interface. While the admin 
> interface appears to be disabled currently, if it was ever enabled or an 
> attacker found a way to access it, they would gain admin access to the Axis2 
> system. 
> In addition, this vulnerability is publicly known, which makes it more likely 
> to be exploited by an attacker. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to