Local File Inclusion Vulnerability on parsing WSDL related XSD Files
--------------------------------------------------------------------

                 Key: AXIS2-4279
                 URL: https://issues.apache.org/jira/browse/AXIS2-4279
             Project: Axis 2.0 (Axis2)
          Issue Type: Bug
         Environment: Tomcat 5.5
                      Axis2 1.4.1
            Reporter: Wolfram Kluge


Hello,
I don't know if it is a vulnerability or if it is an issue of misconfiguration.

The problem occurs by doing the following:

http://localhost:8080/InsaneService/services/WSInsane?xsd=/../../../WEB-INF/conf/axis2.xml

I was able to get these files displayed by the web browser. Once I tried this,
furthermore I was also able to get the public and private keystore/truststore
located in the WEB-INF dir as well.

So please let me know if it is a misconfiguration, and tell me how I can
configure it more securely.
If it's a bug, please let me know as well!

Thank you in advance!
Wolfram


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
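
A defender-side check for the request pattern reported above, as an added example that is not part of the original message or of Axis2: it scans access-log lines for `xsd` parameters that name a parent directory or `WEB-INF`/`META-INF`. The log lines are constructed, and the common/combined log format and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Directory names that a schema lookup has no reason to reference.
PROTECTED = ("web-inf", "meta-inf")
# Constructed sample entries; line 2 carries the request from the report.
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2009:10:00:00 +0000] "GET /InsaneService/services/WSInsane?xsd=xsd0 HTTP/1.1" 200 812',
    '127.0.0.1 - - [01/Jan/2009:10:00:05 +0000] "GET /InsaneService/services/WSInsane?xsd=/../../../WEB-INF/conf/axis2.xml HTTP/1.1" 200 20480',
    '127.0.0.1 - - [01/Jan/2009:10:00:09 +0000] "GET /InsaneService/services/WSInsane?xsd=%2F..%2F..%2F..%2FWEB-INF%2Fconf%2Faxis2.xml HTTP/1.1" 200 20480',
    '127.0.0.1 - - [01/Jan/2009:10:00:12 +0000] "GET /InsaneService/services/WSInsane?wsdl HTTP/1.1" 200 4096',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are compared in clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_xsd(target):
    """Return a reason if the xsd parameter leaves the schema scope, else None."""
    query = urlsplit(target).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        if name.lower() != "xsd":
            continue
        value = fully_decode(raw).replace("\\", "/")
        parts = [p.lower() for p in value.split("/")]
        if ".." in parts:
            return "parent-directory segment in xsd parameter"
        if any(p in PROTECTED for p in parts):
            return "protected directory named in xsd parameter"
    return None

def scan(lines):
    """Yield (line_number, request_target, reason) for each flagged entry."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reason = suspicious_xsd(match.group(1)) if match else None
        if reason:
            yield number, match.group(1), reason

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status and a large response size, as in the constructed lines 2 and 3, is the case worth triaging first, since it suggests the file was actually served.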
