Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Axis2 < 1.5 'xsd' Parameter Directory Traversal

Medium

Synopsis

The remote web server hosts a web application that is vulnerable to a directory traversal attack.

Description

The remote web server is hosting Axis2, a web services engine.

Versions of Axis2 earlier than 1.5 are potentially affected by a directory traversal vulnerability in the 'xsd' parameter in activated services. An attacker, exploiting this flaw, can read arbitrary files on the affected host.

Solution

Upgrade to Apache Axis2 1.5 or later.