GHSA-2c4w-2px5-9x3x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2c4w-2px5-9x3x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2c4w-2px5-9x3x/GHSA-2c4w-2px5-9x3x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2c4w-2px5-9x3x
- Aliases
- Published
- 2022-05-01T18:02:45Z
- Modified
- 2026-03-20T14:34:03.895590Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Apache Axis allows Exposure of Sensitive Information to an Unauthorized Actor
- Details
-
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
- Database specific
{ "cwe_ids": [ "CWE-200" ], "github_reviewed_at": "2026-03-20T14:20:47Z", "nvd_published_at": "2007-04-30T22:19:00Z", "severity": "MODERATE", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2007-2353
- https://github.com/albfernandez/axis1-java/issues/34#issuecomment-1006693110
- https://github.com/albfernandez/axis1-java/commit/32f35038ecae2c7a7f2e904b2289fd383f6f4d1f
- https://github.com/apache/axis-axis1-java/commit/2fdbb91c5e861e804db70cada188b1d7c1603513
- https://github.com/apache/axis-axis1-java/commit/7ba89deb2eb21615630f18e96a35bfdec7f7cfed
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34167
- https://github.com/apache/axis-axis1-java
- http://attrition.org/pipermail/vim/2007-April/001562.html
Affected packages
Maven / org.apache.axis:axis
Package
- Name
- org.apache.axis:axis
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.axis/axis