Description
Apache Axis2 contains a flaw that may allow a remote attacker to access arbitrary files. A remote attacker could send a specially crafted URL request that uses the xsd parameter to specify a malicious file from the local system, which could allow the attacker to obtain sensitive information or execute arbitrary code on the vulnerable Web server.
Remediation
Upgrade to the latest version of Apache Axis2. This issue was fixed in Apache Axis2 version 1.4.1.
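A log check for the xsd request pattern in the Description, as an added example that is not part of the original advisory: it flags requests whose xsd value decodes to something path-like. The access-log format, the service path, the sample lines, and the assumption that legitimate xsd values are plain schema names such as xsd0 are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines; the service path and file names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /axis2/services/ExampleService?xsd=xsd0 HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /axis2/services/ExampleService?xsd=../example-dir/example.xml HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /axis2/services/ExampleService?xsd=%252e%252e%252fexample.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /axis2/services/ExampleService?wsdl HTTP/1.1" 200 2048',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def xsd_findings(raw_value):
    """Return the reasons an xsd value looks like a file path, not a schema name."""
    value = decode_fully(raw_value)
    reasons = []
    if ".." in value:
        reasons.append("parent-directory sequence")
    if "/" in value or "\\" in value:
        reasons.append("path separator")
    if "\x00" in value:
        reasons.append("NUL byte")
    return reasons

def scan(lines):
    """Return (client, status, raw xsd value, reasons) for each suspicious request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        for pair in urlsplit(target).query.split("&"):
            key, _, raw = pair.partition("=")
            if unquote(key).lower() == "xsd" and (reasons := xsd_findings(raw)):
                hits.append((client, status, raw, reasons))
    return hits
```

Call `scan()` on an iterable of log lines; flagged requests that returned status 200 deserve review first.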
References
Apache Axis2 local file inclusion
Local File Inclusion Vulnerability on parsing WSDL related XSD Files