[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rampart-dev
Subject:    [jira] [Reopened] (AXIS2-5846) Local file inclusion vulnerability in Axis2
From:       "Nupur (JIRA)" <jira () apache ! org>
Date:       2017-04-20 5:12:04
Message-ID: JIRA.13065045.1492596429000.2481.1492665124154 () Atlassian ! JIRA
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/AXIS2-5846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Nupur reopened AXIS2-5846:
--------------------------

> Local file inclusion vulnerability in Axis2
> -------------------------------------------
> 
> Key: AXIS2-5846
> URL: https://issues.apache.org/jira/browse/AXIS2-5846
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.6.2
> Reporter: Nupur
> 
> Defect CSCvd86595: Local file inclusion vulnerability in Axis2 
> An defect has been raised on Present PCP 7.3 axis version 
> *There is a Local File Inclusion (LFI) present in the Axis2 service. It 
> allows the attacker to view certain files that would normally be inaccessible. This \
> is a violation of PSB requirement SEC-SUP-PATCH because this is a publicly \
>                 disclosed vulnerability with a patch. 
> *security impact: Some of the files that are accessible via this LFI contain the \
> username and password to the Axis2 admin interface. While the admin interface \
> appears to be disabled currently, if it was ever enabled or an attacker found a way \
> to access it, they would gain admin access to the Axis2 system.  In addition, this \
> vulnerability is publicly known, which makes it more likely to be exploited by an \
> attacker. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]