Title: Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
Severity: MODERATE
Description:
Apache AXIS is an implementation of the Simple Object Access Protocol.
Apache AXIS is prone to a path-information-disclosure vulnerability. Exploiting this issue may allow remote unauthorized attackers to determine webserver directory paths. Specifically, an attacker can carry out this attack by issuing a malformed URI request for a nonexistent 'WSDL' (Web Service Definition Language) file. This results in an error (a 'java.io.FileNotFoundException') whose message discloses the webserver's directory path information to the attacker.
Information that attackers gain by exploiting this issue may help them launch further attacks against an affected server.
Apache AXIS 1.0 is vulnerable to this issue.
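The following is an added example, not part of the original advisory or of Apache AXIS: a Python check that flags HTTP response bodies in which a 'java.io.FileNotFoundException' message carries an absolute filesystem path, plus a helper that redacts it. The sample bodies, paths and function names are constructed for illustration and do not reproduce actual AXIS output.

```python
import re

# The exception named in the advisory, plus the message text that follows it
# on the same line (stops at a newline or the start of an HTML tag).
FNF = re.compile(r"java\.io\.FileNotFoundException:?[^\n<]*")

# Absolute filesystem paths, Windows (C:\dir\file) or Unix (/dir/file).
# At least two segments are required, and the lookbehind keeps URL parts
# such as "http://host/axis/x" from being reported as local paths.
ABS_PATH = re.compile(
    r"(?:[A-Za-z]:\\(?:[\w .$-]+\\)+[\w .$-]*[\w.$-]"
    r"|(?<![\w:/.])/(?:[\w.$-]+/)+[\w.$-]+)"
)

def leaked_paths(body: str) -> list[str]:
    """Return absolute paths found inside FileNotFoundException messages."""
    found = []
    for m in FNF.finditer(body):
        found.extend(ABS_PATH.findall(m.group(0)))
    return found

def redact(body: str) -> str:
    """Replace paths inside exception messages with a fixed marker."""
    return FNF.sub(lambda m: ABS_PATH.sub("[path removed]", m.group(0)), body)

# Constructed sample responses (hypothetical install path).
SAMPLE_LEAKY = (
    "<h1>Error</h1>\n"
    "<pre>java.io.FileNotFoundException: "
    "/opt/tomcat/webapps/axis/nosuch.jws (No such file or directory)</pre>\n"
)
SAMPLE_CLEAN = "<h1>404</h1><p>The requested resource was not found.</p>"

if __name__ == "__main__":
    for name, body in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        paths = leaked_paths(body)
        print(name, "DISCLOSES" if paths else "ok", paths)
    print(redact(SAMPLE_LEAKY))
```

Run over captured error responses from your own server, a non-empty result from `leaked_paths` indicates the disclosure described above.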
Affected Products:
- Apache AXIS 1.0
References:
- Apache: Apache AXIS Homepage
- Jericho: [VIM] Apache AXIS Non-Existent Java Web Service Path Disclosure?
- Open Source Vulnerability Database: Apache Axis Non-Existent Java Web Service Path Disclosure