Description
- Apache Axis2 installation includes a JSP page accessible at axis2-web/HappyAxis.jsp that discloses at lot of sensitive information. An attacker could use this information to conduct further attacks.
Remediation
- If you don't want this information to be publicly accessible you need to restrict access to the /axis2-web/ directory.
References
Severity
Classification
Tags
Related Vulnerabilities
- IBM WebSphere administration console weak password
- Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.6)
- Apache perl-status enabled
- WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)
- WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1)