__
Subject: RE: How to Solve Axis2 Information Leakage from OWASP Testing
Date: Wed, 26 Nov 2014 14:06:04 -0500
From: ssel...@datamentors.com
To: mgai...@hotmail.com; java-user@axis.apache.org
-user@axis.apache.org; Scott Selvia
Subject: RE: How to Solve Axis2 Information Leakage from OWASP Testing
1)DTDs not been supported by axis for at least 10 years and any/all
attempts to implement DTDs will
fubar your axis default installation
you *can* install your own incoming/outgoing message receive
se of search engines was banned..now i
know why
Happy Thanksgiving All
Martin
__
Subject: RE: How to Solve Axis2 Information Leakage from OWASP Testin
t;Good SOAP Message");
}
catch (Exception e)
{
e.printStackTrace();
response = new MyResponse("Bad SOAP Message");
}
}
From: Scott Selvia [mailto:ssel...@datamentors.com]
Sent: Wednesday, November 26, 2014 10:59 AM
To: java-user@axis.apache.org
Subjec
entors.com]
Sent: Wednesday, November 26, 2014 10:41 AM
To: java-user@axis.apache.org
Subject: RE: How to Solve Axis2 Information Leakage from OWASP Testing
Brando,
It is our service so we have access to the service code, what I'm not
getting is catching the exception. Can you point me t
java-user@axis.apache.org
Subject: RE: How to Solve Axis2 Information Leakage from OWASP Testing
Brando,
It is our service so we have access to the service code, what I'm not getting
is catching the exception. Can you point me to some examples?
Thanks,
Scott
From: Arguello, Brando [mail
-user@axis.apache.org
Subject: RE: How to Solve Axis2 Information Leakage from OWASP Testing
Scott,
If you have access to the service one option is..
On the service side, catch the exception, extract the information you
need and return an object so it goes through the regular "OutF
che.org
Subject: How to Solve Axis2 Information Leakage from OWASP Testing
We are running security tests on our Axis2 1.6.2 web services. It has been
pointed out that we have an OWASP information leakage and I'm trying to figure
out how to solve this. We intercept the SOAP request and java.xm
We are running security tests on our Axis2 1.6.2 web services. It has
been pointed out that we have an OWASP information leakage and I'm
trying to figure out how to solve this. We intercept the SOAP request
and java.xml.stream.XMLSt
reamException: DOCTYPE is not allowed
I'm trying to gather i
