PT-2007-3686 · Apache+1 · Apache Axis+1
Curmudgeonjericho
Published: 2007-04-30 · Updated: 2022-05-01
CVE-2007-2353
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Axis version 1.0
Description
The issue allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file: the resulting exception message reveals the installation path.
Recommendations
For Apache Axis version 1.0, consider restricting access to the WSDL files to minimize the risk of exploitation. As a temporary workaround, modify the error handling mechanism to avoid disclosing sensitive information, such as the installation path, in exception messages.
Exploit
Fix
Information Disclosure
Affected Products
Apache Axis
Debian