First published: Mon Apr 30 2007(Updated: )
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Axis | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2007-2353 is considered a medium severity vulnerability due to its potential to reveal sensitive information.
To fix CVE-2007-2353, upgrade Apache Axis to a version later than 1.0 where this issue is addressed.
CVE-2007-2353 can expose the installation path of the Apache Axis server through exception messages.
CVE-2007-2353 affects Apache Axis version 1.0.
Yes, CVE-2007-2353 can be exploited remotely by requesting a non-existent WSDL file.