[prev in list] [next in list] [prev in thread] [next in thread]
List: sandesha-dev
Subject: [jira] [Created] (AXIS2-5846) Local file inclusion vulnerability in Axis2
From: "Nupur (JIRA)" <jira () apache ! org>
Date: 2017-04-19 10:07:41
Message-ID: JIRA.13065045.1492596429000.316377.1492596461646 () Atlassian ! JIRA
[Download RAW message or body]
Nupur created AXIS2-5846:
----------------------------
Summary: Local file inclusion vulnerability in Axis2
Key: AXIS2-5846
URL: https://issues.apache.org/jira/browse/AXIS2-5846
Project: Axis2
Issue Type: Bug
Affects Versions: 1.6.2
Reporter: Nupur
Defect CSCvd86595: Local file inclusion vulnerability in Axis2
An defect has been raised on Present PCP 7.3 axis version
*There is a Local File Inclusion (LFI) present in the Axis2 service. It
allows the attacker to view certain files that would normally be inaccessible. This \
is a violation of PSB requirement SEC-SUP-PATCH because this is a publicly disclosed \
vulnerability with a patch.
*security impact: Some of the files that are accessible via this LFI contain the \
username and password to the Axis2 admin interface. While the admin interface appears \
to be disabled currently, if it was ever enabled or an attacker found a way to access \
it, they would gain admin access to the Axis2 system. In addition, this \
vulnerability is publicly known, which makes it more likely to be exploited by an \
attacker.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic