Apache Axis2 information disclosure

Description
  • Apache Axis2 installation includes a JSP page accessible at axis2-web/HappyAxis.jsp that discloses at lot of sensitive information. An attacker could use this information to conduct further attacks.
Remediation
  • If you don't want this information to be publicly accessible you need to restrict access to the /axis2-web/ directory.
References