Jboss dir.traversal

2009-04-19T00:00:00
ID SECURITYVULNS:DOC:21699
Type securityvulns
Reporter Securityvulns
Modified 2009-04-19T00:00:00

Description

JBossAS 5.0.1GA

Simple webservice "hello" from docs + imported XSD-schema. Any user can get ANY XML from server: http://127.0.0.1:8080/echo/Echo?wsdl&resource=../../../conf/login-config.xml