Description

Apache Axis2 installation includes a JSP page accessible at axis2-web/HappyAxis.jsp that discloses a lot of sensitive information. An attacker could use this information to conduct further attacks.

Remediation

If you don't want this information to be publicly accessible you need to restrict access to the /axis2-web/ directory.

References

Apache Axis2 Web Administrator's Guide

Related Vulnerabilities

Reachable SharePoint interface

TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3806)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)

Apache stronghold-info enabled

WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure