Hi Folks,
Any help on this would be appreciated!!! Regards, Fateh Singh, Extn: 612 (Gurgaon) From: fateh.singh [mailto:fateh.si...@newgen.co.in] Sent: Monday, January 29, 2018 10:59 AM To: 'java-dev@axis.apache.org' Cc: 'Nitin Kumar'; 'Puneet Pahuja'; 'Sandeep Singh Raghuvanshi' Subject: [Axis2] : Application Error message in Acunetix Report Hi Team, We scanned the axis2 version 1.7.6 with Acunetix to find security threats. Acunetix reported an issue "Application Error Message". We are getting response code 500 with error message "Internal Server Error". We tried replacing "axis2.war\axis2-web\Error\error500.jsp" with custom jsp/html file and updated the same in web.xml at location "axis2.war\WEB-INF" but it did not solve our problem. Please help us removing this from Acunetix report. For your reference snippet of Acunetix report is given below. Description This alert requires manual confirmation Application error or warning messages may expose sensitive information about an application's internal workings to an attacker. Acunetix found an error or warning message that may disclose sensitive information. The message may also contain the location of the file that produced an unhandled exception. Consult the 'Attack details' section for more information about the affected page. Impact Error messages may disclose sensitive information which can be used to escalate attacks. Affected items /axis2/services/ibps07jan_11_1_service.ibps07jan_11_1_serviceHttpEndpoint Details WSDL input ibps07jan_11_1_service.ibps07jan_11_1_serviceHttpEndpoint.wfUploadWorkitem.a ddress was set to bHpHRENnODc1b3l0MkQ1TTJyd0lJNw== Pattern found: Internal Server Error Request headers POST /axis2/services/ibps07jan_11_1_service.ibps07jan_11_1_serviceHttpEndpoint/wf UploadWorkitem HTTP/1.1 Content-Type: application/x-www-form-urlencoded Cookie: JSESSIONID=2hgS8DeuNDFLGn8nUOaDlGG2; JSESSIONID=2hgS8DeuNDFLGn8nUOaDlGG2 Host: 192.168.57.103:8080 Content-Length: 0 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Acunetix-Product: WVS/11.0 (Acunetix - WVSE) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Accept: */* Regards, Fateh Singh, Disclaimer :- This e-mail and any attachment may contain confidential, proprietary or legally privileged information. If you are not the original intended recipient and have erroneously received this message, you are prohibited from using, copying, altering or disclosing the content of this message. Please delete it immediately and notify the sender. Newgen Software Technologies Ltd (NSTL) accepts no responsibilities for loss or damage arising from the use of the information transmitted by this email including damages from virus and further acknowledges that no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of NSTL.
