[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sandesha-dev
Subject:    [jira] [Created] (AXIS2-5846) Local file inclusion vulnerability in Axis2
From:       "Nupur (JIRA)" <jira () apache ! org>
Date:       2017-04-19 10:07:41
Message-ID: JIRA.13065045.1492596429000.316377.1492596461646 () Atlassian ! JIRA
[Download RAW message or body]

Nupur created AXIS2-5846:
----------------------------

             Summary: Local file inclusion vulnerability in Axis2
                 Key: AXIS2-5846
                 URL: https://issues.apache.org/jira/browse/AXIS2-5846
             Project: Axis2
          Issue Type: Bug
    Affects Versions: 1.6.2
            Reporter: Nupur


Defect CSCvd86595: Local file inclusion vulnerability in Axis2 
An defect has been raised on Present PCP 7.3 axis version 
*There is a Local File Inclusion (LFI) present in the Axis2 service. It 
  allows the attacker to view certain files that would normally be inaccessible. This \
is a violation of PSB requirement SEC-SUP-PATCH because this is a publicly disclosed \
                vulnerability with a patch. 
*security impact: Some of the files that are accessible via this LFI contain the \
username and password to the Axis2 admin interface. While the admin interface appears \
to be disabled currently, if it was ever enabled or an attacker found a way to access \
it, they would gain admin access to the Axis2 system.  In addition, this \
vulnerability is publicly known, which makes it more likely to be exploited by an \
attacker. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]