icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apache Axis2 < 1.5 'xsd' Parameter Directory Traversal

Medium

Synopsis

The remote web server hosts a web application that is vulnerable to a directory traversal attack.

Description

The remote web server is hosting Axis2, a web services engine.

Versions of Axis2 earlier than 1.5 are potentially affected by a directory traversal vulnerability in the 'xsd' parameter in activated services. An attacker, exploiting this flaw, can read arbitrary files on the affected host.

Solution

Upgrade to Apache Axis2 1.5 or later.