Apache AXIS Non-Existent WSDL File Path Information Disclosure Vulnerability

Vulnerability ID: 1112809    Vulnerability type: Information disclosure
Published: 2007-04-27    Updated: 2007-06-01
CVE ID: CVE-2007-2353    CNNVD-ID: CNNVD-200704-599
Platform: Multiple    CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/29930
https://www.securityfocus.com/bid/23687
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-599
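|Vulnerability details
Apache Axis has a sensitive information disclosure vulnerability. A remote attacker can obtain sensitive information by requesting a non-existent WSDL file. The request causes the installation path to be shown in the exception message.
|Exploit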
source: http://www.securityfocus.com/bid/23687/info

Apache AXIS is prone to a path-information-disclosure vulnerability. Remote unauthorized attackers may be able to determine webserver directory paths.

Information obtained may aid attackers in launching further attacks against an affected server.

Apache AXIS 1.0 is vulnerable to this issue. 

http://www.example.com/axis/tt_pm4l.jws?wsdl
|Affected products
Apache Axis 1.0
|References

Source: XF
Name: apache-axis-wsdl-path-disclosure(34167)
Link: http://xforce.iss.net/xforce/xfdb/34167
Source: BID
Name: 23687
Link: http://www.securityfocus.com/bid/23687
Source: OSVDB
Name: 34154
Link: http://www.osvdb.org/34154
Source: VIM
Name: 20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?
Link: http://attrition.org/pipermail/vim/2007-April/001562.html