List: kandula-dev
Subject: [jira] [Commented] (AXIS2-5846) Local file inclusion vulnerability in SimpleHTTPServer
From: "Nupur (JIRA)" <jira () apache ! org>
Date: 2017-04-24 9:43:04
Message-ID: JIRA.13065045.1492596429000.31668.1493026984134 () Atlassian ! JIRA
[ https://issues.apache.org/jira/browse/AXIS2-5846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15980941#comment-15980941 ]
Nupur commented on AXIS2-5846:
------------------------------
Hi,
Thanks for the resolution. When will the fix be released, or how can I incorporate it
into my existing system?
Regards,
Nupur
> Local file inclusion vulnerability in SimpleHTTPServer
> ------------------------------------------------------
>
> Key: AXIS2-5846
> URL: https://issues.apache.org/jira/browse/AXIS2-5846
> Project: Axis2
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.6.2, 1.7.4
> Reporter: Nupur
> Assignee: Andreas Veithen
> Fix For: 1.7.5
>
>
> Defect CSCvd86595: Local file inclusion vulnerability in Axis2
> A defect has been raised on Present PCP 7.3 axis version
> *There is a Local File Inclusion (LFI) present in the Axis2 service. It
> allows the attacker to view certain files that would normally be inaccessible. This
> is a violation of PSB requirement SEC-SUP-PATCH because this is a publicly
> disclosed vulnerability with a patch.
> *security impact: Some of the files that are accessible via this LFI contain the
> username and password to the Axis2 admin interface. While the admin interface
> appears to be disabled currently, if it was ever enabled or an attacker found a way
> to access it, they would gain admin access to the Axis2 system. In addition, this
> vulnerability is publicly known, which makes it more likely to be exploited by an
> attacker.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org