{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "34154", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34154"}, {"name": "23687", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23687"}, {"name": "apache-axis-wsdl-path-disclosure(34167)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}, {"name": "20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2353", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "34154", "refsource": "OSVDB", "url": "http://www.osvdb.org/34154"}, {"name": "23687", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23687"}, {"name": "apache-axis-wsdl-path-disclosure(34167)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}, {"name": "20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.699Z"}, "title": "CVE Program Container", "references": [{"name": "34154", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34154"}, {"name": "23687", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23687"}, {"name": "apache-axis-wsdl-path-disclosure(34167)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}, {"name": "20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2353", "datePublished": "2007-04-30T22:00:00", "dateReserved": "2007-04-30T00:00:00", "dateUpdated": "2024-08-07T13:33:28.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73757AE0-90E2-4043-BCB3-4E4046966CDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message."}, {"lang": "es", "value": "Apache Axis 1.0 permite a atacantes remotos obtener informaci\u00f3n confidencial al solicitar un fichero WSDL no existente, lo cual revela la ruta de instalaci\u00f3n en el mensaje de excepci\u00f3n resultante."}], "id": "CVE-2007-2353", "lastModified": "2017-07-29T01:31:23.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-30T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2007-April/001562.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/34154"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23687"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat ship Axis in a number of products; however the installation path of Axis is fixed and deterministic, so this flaw does not disclose otherwise unknown information. We do not plan on issuing updates to fix this issue.", "lastModified": "2007-05-10T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}