Local File Inclusion Vulnerability on parsing WSDL related XSD Files
--------------------------------------------------------------------

        Key: AXIS2-4279
        URL: https://issues.apache.org/jira/browse/AXIS2-4279
    Project: Axis 2.0 (Axis2)
 Issue Type: Bug
Environment: Tomcat 5.5
             Axis2 1.4.1
   Reporter: Wolfram Kluge

Hello,

I don't know if it is a vulnerability or an issue of misconfiguration.

The problem occurs by doing the following:

http://localhost:8080/InsaneService/services/WSInsane?xsd=/../../../WEB-INF/conf/axis2.xml

I was able to get these files displayed by the web browser.

Once I tried this, I was also able to get the public and private keystore/truststore located in the WEB-INF dir as well.

So please let me know if it is a misconfiguration, and tell me how I can configure it more securely. If it's a bug, please let me know as well!

Thank you in advance!
Wolfram
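
The containment check that stops a request like the one above from reaching WEB-INF/conf, as an added example that is not part of the original report and not Axis2's own code. The class and method names, the per-service `schemas` directory and the temporary file layout are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class XsdPathCheck {

    /**
     * Resolve the value of the ?xsd= parameter (already URL-decoded once by
     * the container) against the directory holding a service's schemas.
     * Returns the file to serve, or null when the name leaves that directory
     * or does not name a regular file. Hypothetical helper, not an Axis2 API.
     */
    static Path resolveSchema(Path schemaDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            return null;
        }
        Path base = schemaDir.toRealPath();
        // Treat "/../../x" as relative to base instead of as an absolute path.
        String rel = requested.replace('\\', '/').replaceFirst("^/+", "");
        // normalize() collapses ".." segments before the containment test.
        Path candidate = base.resolve(rel).normalize();
        if (!candidate.startsWith(base) || !Files.isRegularFile(candidate)) {
            return null;
        }
        // Re-check after symlink resolution so a link inside base cannot escape it.
        Path real = candidate.toRealPath();
        return real.startsWith(base) ? real : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout in a temp directory, mirroring the paths in the report.
        Path root = Files.createTempDirectory("webapp");
        Path conf = Files.createDirectories(root.resolve("WEB-INF/conf"));
        Files.writeString(conf.resolve("axis2.xml"), "<axisconfig/>");
        Path schemas = Files.createDirectories(
                root.resolve("WEB-INF/services/WSInsane/schemas"));
        Files.writeString(schemas.resolve("types.xsd"), "<xs:schema/>");

        String[] inputs = {
            "types.xsd",                         // legitimate schema name
            "/../../../WEB-INF/conf/axis2.xml",  // value from the report
            "../../../conf/axis2.xml"            // reaches an existing file outside base
        };
        for (String in : inputs) {
            Path p = resolveSchema(schemas, in);
            System.out.println(in + " -> " + (p == null ? "REJECTED" : "served: " + p));
        }
    }
}
```

The check compares normalized path components rather than matching on the string "..", so it holds regardless of how the traversal segments are arranged in the parameter.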