[prev in list] [next in list] [prev in thread] [next in thread]
List: rampart-dev
Subject: [jira] [Reopened] (AXIS2-5846) Local file inclusion vulnerability in Axis2
From: "Nupur (JIRA)" <jira () apache ! org>
Date: 2017-04-20 5:12:04
Message-ID: JIRA.13065045.1492596429000.2481.1492665124154 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/AXIS2-5846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Nupur reopened AXIS2-5846:
--------------------------
> Local file inclusion vulnerability in Axis2
> -------------------------------------------
>
> Key: AXIS2-5846
> URL: https://issues.apache.org/jira/browse/AXIS2-5846
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.6.2
> Reporter: Nupur
>
> Defect CSCvd86595: Local file inclusion vulnerability in Axis2
> An defect has been raised on Present PCP 7.3 axis version
> *There is a Local File Inclusion (LFI) present in the Axis2 service. It
> allows the attacker to view certain files that would normally be inaccessible. This \
> is a violation of PSB requirement SEC-SUP-PATCH because this is a publicly \
> disclosed vulnerability with a patch.
> *security impact: Some of the files that are accessible via this LFI contain the \
> username and password to the Axis2 admin interface. While the admin interface \
> appears to be disabled currently, if it was ever enabled or an attacker found a way \
> to access it, they would gain admin access to the Axis2 system. In addition, this \
> vulnerability is publicly known, which makes it more likely to be exploited by an \
> attacker.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic