CVE-2007-2353 — Apache Axis allows Exposure of Sensitive Information to an Unauthorized Actor

Description

Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.

How to fix CVE-2007-2353

To remediate CVE-2007-2353, upgrade the affected package to a fixed version below.

Debian/axis—no fix listed
—upgrade to 1.2 or later

Is CVE-2007-2353 being exploited?

Moderate — EPSS is 6.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0
from 0, < 1.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (9)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2007-2353
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2353
PATCHgithub.com/apache/axis-axis1-java
WEBattrition.org/pipermail/vim/2007-April/001562.html
WEB