[
https://issues.apache.org/jira/browse/AXIS2-5846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15980401#comment-15980401
]
Hudson commented on AXIS2-5846:
-------------------------------
SUCCESS: Integrated in Jenkins build axis2-1.7 #111 (See [https://builds.apache.org/job/axis2-1.7/111/])
AXIS2-5846: Merge r1792353 to the 1.7 branch. (veithen: rev 1792354)
* (edit) axis2
* (edit) axis2/modules/transport/http/src/org/apache/axis2/transport/http/HTTPTransportUtils.java
* (edit) axis2/modules/transport/http/src/org/apache/axis2/transport/http/HTTPWorker.java
* (edit) axis2/modules/transport/http/src/org/apache/axis2/transport/http/ListingAgent.java
> Local file inclusion vulnerability in SimpleHTTPServer
> ------------------------------------------------------
>
> Key: AXIS2-5846
> URL: https://issues.apache.org/jira/browse/AXIS2-5846
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.6.2, 1.7.4
> Reporter: Nupur
>
> Defect CSCvd86595: Local file inclusion vulnerability in Axis2
> A defect has been raised on Present PCP 7.3 axis version
> *There is a Local File Inclusion (LFI) present in the Axis2 service. It
> allows the attacker to view certain files that would normally be
> inaccessible. This is a violation of PSB requirement SEC-SUP-PATCH because
> this is a publicly disclosed vulnerability with a patch.
> *security impact: Some of the files that are accessible via this LFI contain
> the username and password to the Axis2 admin interface. While the admin
> interface appears to be disabled currently, if it was ever enabled or an
> attacker found a way to access it, they would gain admin access to the Axis2
> system.
> In addition, this vulnerability is publicly known, which makes it more likely
> to be exploited by an attacker.