Description

Apache Axis2 is installed on this application server. By accessing a specific URL (/services/listServices) it's possible to list all the available web services deployed in this server.

Remediation

If you don't want these services to be publicly available you need to restrict access to the /services/listServices URL.

References

Apache Axis2 Web Administrator's Guide

Related Vulnerabilities

WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5)

JBoss Seam remoting vulnerabilities

HTML Form found in redirect page

ASP.NET path disclosure

WordPress Plugin WP Easy full backup Information Disclosure (1.4)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Information Disclosure