Apache Axis2 < 1.5 'xsd' Parameter Directory Traversal
Medium Nessus Network Monitor Plugin ID 5554
SynopsisThe remote web server hosts a web application that is vulnerable to a directory traversal attack.
DescriptionThe remote web server is hosting Axis2, a web services engine.
Versions of Axis2 earlier than 1.5 are potentially affected by a directory traversal vulnerability in the 'xsd' parameter in activated services. An attacker, exploiting this flaw, can read arbitrary files on the affected host.
SolutionUpgrade to Apache Axis2 1.5 or later.