[VIM] Apache AXIS Non-Existent Java Web Service Path Disclosure?
security curmudgeon
jericho at attrition.org
Fri Apr 27 00:05:05 UTC 2007
Watchfire's Appscan product looks for this vulnerability (not sure what
they officially title it, the title above is my own), but I can't find any
reference to it. Google finds a lot of indirect references suggesting it
is common knowledge to the folks who use the product. Has anyone seen this
before or have a reference?
----------
Requesting this URL will generate the error message:
http://[target]/axis/tt_pm4l.jws?wsdl
AXIS error
Sorry, something seems to have gone wrong... here are the details:
Fault - java.io.FileNotFoundException:
c:\inetpub\wwwroot\axis\tt_pm4l.jws (No such file or directory)
AxisFault
faultCode: {http://xml.apache.org/axis/}Server.userException
faultString: java.io.FileNotFoundException:
c:\inetpub\wwwroot\axis\tt_pm4l.jws (No such file or directory)
faultActor: null
faultDetail:
stackTrace: java.io.FileNotFoundException:
c:\inetpub\wwwroot\axis\tt_pm4l.jws (No such file or directory)
[SNIP]
More information about the VIM
mailing list