Description
Apache Axis2 is installed on this application server. By accessing a specific URL (/services/listServices) it's possible to list all the available web services deployed in this server.
Remediation
If you don't want these services to be publicly available you need to restrict access to the /services/listServices URL.
References
Related Vulnerabilities
JBoss HttpAdaptor JMXInvokerServlet
PHP Safedir restriction bypass vulnerabilities
phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3783)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1052)
WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)