Description

Apache Axis2 is installed on this application server. By accessing a specific URL (/services/listServices) it's possible to list all the available web services deployed in this server.

Remediation

If you don't want these services to be publicly available you need to restrict access to the /services/listServices URL.

References

Apache Axis2 Web Administrator's Guide

Related Vulnerabilities

Generic Email Address Disclosure

WordPress Plugin WooCommerce Information Disclosure (4.5.2)

WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5730)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-0813)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure