Posted to java-dev@axis.apache.org by "Yana Poliashenko (JIRA)" <ji...@apache.org> on 2015/02/19 21:21:13 UTC
[jira] [Created] (AXIS2-5689) A Veracode security scan reports multiple severity 4 security flaws in axis2.jar
Yana Poliashenko created AXIS2-5689:
---------------------------------------
Summary: A Veracode security scan reports multiple severity 4 security flaws in axis2.jar
Key: AXIS2-5689
URL: https://issues.apache.org/jira/browse/AXIS2-5689
Project: Axis2
Issue Type: Bug
Affects Versions: 1.6.2
Reporter: Yana Poliashenko
Priority: Critical
A Veracode security scan reports multiple severity 4 security flaws in axis2.jar.
Information Exposure Through an Error Message axis2.war HappyAxis.jsp: 146
Session Fixation axis2.war viewphases.jsp: 27
Information Exposure Through an Error Message axis2.war error.jsp: 28
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) axis2.war ServiceParaEdit.jsp: 116
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) axis2.war disengage.jsp: 21
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) axis2.war deleteService.jsp: 21
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) axis2.war HappyAxis.jsp: 449
Information Exposure Through an Error Message axis2.war viewServiceGroupContext.jsp: 41
Information Exposure Through an Error Message axis2.war HappyAxis.jsp: 449
Information Exposure Through an Error Message axis2.war upload.jsp: 49
Information Exposure Through an Error Message axis2.war viewServiceContext.jsp: 39
Information Exposure Through Sent Data axis2.war HappyAxis.jsp: 493
Information Exposure Through Sent Data axis2.war HappyAxis.jsp: 494
Session Fixation axis2.war AdminAgent.java: 628 1 Open none