axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yana Poliashenko (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AXIS2-5689) A Veracode security scan reports multiple severity 4 security flaws in axis2.jar
Date Thu, 19 Feb 2015 20:21:13 GMT
Yana Poliashenko created AXIS2-5689:
---------------------------------------

             Summary: A Veracode security scan reports multiple severity 4 security flaws
in axis2.jar
                 Key: AXIS2-5689
                 URL: https://issues.apache.org/jira/browse/AXIS2-5689
             Project: Axis2
          Issue Type: Bug
    Affects Versions: 1.6.2
            Reporter: Yana Poliashenko
            Priority: Critical


A Veracode security scan reports multiple severity 4 security flaws in axis2.jar.

	
Information Exposure Through an Error Message	axis2.war	HappyAxis.jsp: 146	

Session Fixation	axis2.war	viewphases.jsp: 27	

Information Exposure Through an Error Message	axis2.war	error.jsp: 28	

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	axis2.war	ServiceParaEdit.jsp:
116	

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	axis2.war	disengage.jsp:
21	

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	axis2.war	deleteService.jsp:
21

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)	axis2.war	HappyAxis.jsp:
449

Information Exposure Through an Error Message	axis2.war	viewServiceGroupContext.jsp: 41

Information Exposure Through an Error Message	axis2.war	HappyAxis.jsp: 449

Information Exposure Through an Error Message	axis2.war	upload.jsp: 49

Information Exposure Through an Error Message	axis2.war	viewServiceContext.jsp: 39

Information Exposure Through Sent Data	axis2.war	HappyAxis.jsp: 493

Information Exposure Through Sent Data	axis2.war	HappyAxis.jsp: 494

Session Fixation	axis2.war	AdminAgent.java: 628	1	Open	none




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message