Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network

CVE-2013-3018

Disclosure Date: May 24, 2018

Description

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

The CVE here doesn’t show the real impact of this vulnerability, and the data is also partial/misleading.

Axis2 version 1.6.2 lets an attacker read files on the local filesystem. The admin password is written in plaintext in an XML configuration file.
Chaining these two easy vulnerabilities, an attacker is able to log in as admin to Axis2 and deploy a new webservice to achieve remote code execution.

Things get worse because we mostly find Axis2 internet-facing.

To retrieve the config file an attacker can just exploit the LFI in a very basic way:
GET /axis2/services/Version?xsd=../conf/axis2.xml
then scroll down to read the username/password parameters.

With the given credentials, axis2_deployer (https://www.rapid7.com/db/modules/exploit/multi/http/axis2_deployer) from Metasploit will let them deploy a Meterpreter session.
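A defender-side companion to the chain described in the assessment above, added here as an example; it is not part of the AttackerKB page, the assessor's post, or the Axis2 project. It does two things: it scans web server access logs for traversal attempts in the query parameters of /axis2/services/ requests (including single and double percent-encoding, which the assessment's one-line request does not cover), and it checks a copy of axis2.xml for a plaintext admin password. The log lines and the axis2.xml fragment are constructed samples; the Common Log Format layout and the `userName`/`password` parameter names in axis2.xml are assumptions about the deployment.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log (Common Log Format). Not real traffic:
# one benign WSDL fetch, three traversal attempts with increasing encoding,
# one legitimate schema fetch, and an admin login that is out of scope here.
SAMPLE_LOG = """\
10.0.0.5 - - [24/May/2018:10:01:02 +0000] "GET /axis2/services/Version?wsdl HTTP/1.1" 200 1432
10.0.0.9 - - [24/May/2018:10:01:07 +0000] "GET /axis2/services/Version?xsd=../conf/axis2.xml HTTP/1.1" 200 9921
10.0.0.9 - - [24/May/2018:10:01:09 +0000] "GET /axis2/services/Version?xsd=..%2Fconf%2Faxis2.xml HTTP/1.1" 200 9921
10.0.0.9 - - [24/May/2018:10:01:11 +0000] "GET /axis2/services/Version?xsd=%252e%252e%2Fconf%2Faxis2.xml HTTP/1.1" 200 9921
10.0.0.7 - - [24/May/2018:10:02:00 +0000] "GET /axis2/services/Version?xsd=Version.xsd HTTP/1.1" 200 512
10.0.0.9 - - [24/May/2018:10:03:30 +0000] "POST /axis2/axis2-admin/login HTTP/1.1" 200 240
"""

# Constructed axis2.xml fragment; parameter names follow the stock layout (assumed).
SAMPLE_AXIS2_XML = """<axisconfig name="AxisJava2.0">
    <parameter name="hotdeployment">true</parameter>
    <parameter name="userName">admin</parameter>
    <parameter name="password">ChangeMe-Constructed</parameter>
</axisconfig>"""

# Common Log Format: client, identd, user, [timestamp], "METHOD target protocol", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

SERVICES_PREFIX = "/axis2/services/"


def normalize(value, rounds=3):
    """Percent-decode until stable (bounded) and fold backslashes to slashes,
    so single-, double-encoded and Windows-style traversal all compare alike."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(value):
    """True if any path segment of the normalized value is exactly '..'."""
    return ".." in normalize(value).split("/")


def flag_line(line):
    """Return a finding dict for a /axis2/services/ request whose query
    parameters contain a traversal sequence, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.startswith(SERVICES_PREFIX):
        return None
    # parse_qs decodes one layer; normalize() handles anything left over.
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        for raw in values:
            if is_traversal(raw):
                return {
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "param": name,
                    "decoded": normalize(raw),
                    "status": int(m.group("status")),
                }
    return None


def scan_log(text):
    """Run flag_line over every line; returns the list of findings in order."""
    return [hit for hit in (flag_line(l) for l in text.splitlines()) if hit]


def plaintext_admin_credentials(xml_text):
    """Return (userName, password) if the axis2.xml copy stores a non-empty
    password in clear text, else None. Parameter names are assumed."""
    root = ET.fromstring(xml_text)
    params = {p.get("name"): (p.text or "").strip() for p in root.iter("parameter")}
    password = params.get("password")
    if password:
        return params.get("userName"), password
    return None


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} param={hit["param"]} -> {hit["decoded"]} ({hit["status"]})')
    creds = plaintext_admin_credentials(SAMPLE_AXIS2_XML)
    if creds:
        print(f"axis2.xml stores a plaintext password for user {creds[0]!r}; rotate it and restrict file access")
```

A 200 status on a flagged request is the strongest signal, since it means the traversal was served rather than rejected; the config check is worth running on the deployed axis2.xml after any such finding, because a readable file with a plaintext password is exactly what makes the chain in the assessment work.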

CVSS V3 Severity and Metrics
Base Score:
5.3 Medium
Impact Score:
1.4
Exploitability Score:
3.9
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None
