PT-2007-3686 · Apache+1 · Apache Axis+1

Curmudgeonjericho

Published: 2007-04-30

Updated: 2022-05-01

CVE-2007-2353

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Axis version 1.0

Description

The issue allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file. This action reveals the installation path in the resulting exception message.

Recommendations

For Apache Axis version 1.0, consider restricting access to the WSDL files to minimize the risk of exploitation. As a temporary workaround, modify the error handling mechanism to avoid disclosing sensitive information, such as the installation path, in exception messages.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2007-2353
GHSA-2C4W-2PX5-9X3X

Affected Products

Apache Axis
Debian