[
https://issues.apache.org/jira/browse/AXIS2-5846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15980941#comment-15980941
]
Nupur commented on AXIS2-5846:
------------------------------
Hi,
Thanks for the resolution, when the fix will be released or how can I
incorporate it into my existing system?
Regards,
Nupur
> Local file inclusion vulnerability in SimpleHTTPServer
> ------------------------------------------------------
>
> Key: AXIS2-5846
> URL: https://issues.apache.org/jira/browse/AXIS2-5846
> Project: Axis2
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.6.2, 1.7.4
> Reporter: Nupur
> Assignee: Andreas Veithen
> Fix For: 1.7.5
>
>
> Defect CSCvd86595: Local file inclusion vulnerability in Axis2
> An defect has been raised on Present PCP 7.3 axis version
> *There is a Local File Inclusion (LFI) present in the Axis2 service. It
> allows the attacker to view certain files that would normally be
> inaccessible. This is a violation of PSB requirement SEC-SUP-PATCH because
> this is a publicly disclosed vulnerability with a patch.
> *security impact: Some of the files that are accessible via this LFI contain
> the username and password to the Axis2 admin interface. While the admin
> interface appears to be disabled currently, if it was ever enabled or an
> attacker found a way to access it, they would gain admin access to the Axis2
> system.
> In addition, this vulnerability is publicly known, which makes it more likely
> to be exploited by an attacker.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
