CVE-2007-2353 - Vulnerability Details - OpenCVE

Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Axis

Configuration 1 [-]

cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://attrition.org/pipermail/vim/2007-April/001562.html
http://www.osvdb.org/34154
http://www.securityfocus.com/bid/23687
https://exchange.xforce.ibmcloud.com/vulnerabilities/34167

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-30T22:00:00

Updated: 2024-08-07T13:33:28.699Z

Reserved: 2007-04-30T00:00:00

Link: CVE-2007-2353

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-30T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2353

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "34154", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34154"}, {"name": "23687", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23687"}, {"name": "apache-axis-wsdl-path-disclosure(34167)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}, {"name": "20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2353", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "34154", "refsource": "OSVDB", "url": "http://www.osvdb.org/34154"}, {"name": "23687", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23687"}, {"name": "apache-axis-wsdl-path-disclosure(34167)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}, {"name": "20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.699Z"}, "title": "CVE Program Container", "references": [{"name": "34154", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34154"}, {"name": "23687", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23687"}, {"name": "apache-axis-wsdl-path-disclosure(34167)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}, {"name": "20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2353", "datePublished": "2007-04-30T22:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73757AE0-90E2-4043-BCB3-4E4046966CDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message."}, {"lang": "es", "value": "Apache Axis 1.0 permite a atacantes remotos obtener informaci\u00f3n confidencial al solicitar un fichero WSDL no existente, lo cual revela la ruta de instalaci\u00f3n en el mensaje de excepci\u00f3n resultante."}], "id": "CVE-2007-2353", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/34154"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23687"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/34154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat ship Axis in a number of products; however the installation path of Axis is fixed and deterministic, so this flaw does not disclose otherwise unknown information. We do not plan on issuing updates to fix this issue.", "lastModified": "2007-05-10T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}