[ https://issues.apache.org/jira/browse/AXIS2-5689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Lazarski updated AXIS2-5689:
-----------------------------------
    Fix Version/s: 2.0.0

> A Veracode security scan reports multiple severity 4 security flaws in axis2.jar
> --------------------------------------------------------------------------------
>
>                 Key: AXIS2-5689
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5689
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Yana Poliashenko
>            Assignee: Robert Lazarski
>            Priority: Critical
>              Labels: security
>             Fix For: 2.0.0
>
>
> A Veracode security scan reports multiple severity 4 security flaws in axis2.jar.
>
> Information Exposure Through an Error Message axis2.war HappyAxis.jsp: 146
> Session Fixation axis2.war viewphases.jsp: 27
> Information Exposure Through an Error Message axis2.war error.jsp: 28
> Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) axis2.war ServiceParaEdit.jsp: 116
> Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) axis2.war disengage.jsp: 21
> Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) axis2.war deleteService.jsp: 21
> Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) axis2.war HappyAxis.jsp: 449
> Information Exposure Through an Error Message axis2.war viewServiceGroupContext.jsp: 41
> Information Exposure Through an Error Message axis2.war HappyAxis.jsp: 449
> Information Exposure Through an Error Message axis2.war upload.jsp: 49
> Information Exposure Through an Error Message axis2.war viewServiceContext.jsp: 39
> Information Exposure Through Sent Data axis2.war HappyAxis.jsp: 493
> Information Exposure Through Sent Data axis2.war HappyAxis.jsp: 494
> Session Fixation axis2.war AdminAgent.java: 628 1 Open
> none