You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Amila Chinthaka Suriarachchi (JIRA)" <ji...@apache.org> on 2010/01/04 07:20:55 UTC

[jira] Resolved: (AXIS2-4279) Local File Inclusion Vulnerability on parsing WSDL related XSD Files

     [ https://issues.apache.org/jira/browse/AXIS2-4279?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Amila Chinthaka Suriarachchi resolved AXIS2-4279.
-------------------------------------------------

    Resolution: Fixed

fixed in the current trunk

> Local File Inclusion Vulnerability on parsing WSDL related XSD Files
> --------------------------------------------------------------------
>
>                 Key: AXIS2-4279
>                 URL: https://issues.apache.org/jira/browse/AXIS2-4279
>             Project: Axis2
>          Issue Type: Bug
>          Components: transports
>    Affects Versions: 1.4.1
>         Environment: Tomcat 5.5
> Axis2 1.4.1
>            Reporter: Wolfram Kluge
>            Priority: Blocker
>             Fix For: nightly
>
>
> Hello
> i dont know if it is a vulnerability or it is an issue of missconfiguration.
> The problem occur by doing the following things,
> http://localhost:8080/InsaneService/services/WSInsane?xsd=/../../../WEB-INF/conf/axis2.xml
> i was able to get these files displayed by the web browser. Once i tried this, 
> furthermore i was also able to get public and private keystore/truststore located in the WEB-IN dir as well.
> So please let me know if it is a missconfiguration, and tell me how i can configure more securely.
> If its a bug please let me also know!
> Thank you in advance!
> Wolfram

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.