Attacker Value
Very High
0

CVE-2013-3018

Disclosure Date: May 24, 2018

Exploitability

(1 user assessed) Very High
Attack Vector
Network
Privileges Required
None
User Interaction
None

Description

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.

Add Assessment

2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

CVE here doesn’t show the real impact of this vulnerability and also the data is partial/misleading.

Axis2 version 1.6.2 let an attacker to read files on local filesystem. admin password is written in plaintext in a XML configuration file.
chaining this two easy vulnerabilities, an attacker is able to login as admin to Axis2 and to deploy a new webservice to achieve remote code execution.

things get worse beause we mostly find Axis2 internet-faced

to retrieve the config file an attacker can just exploit the LFI in a very basic way:
GET /axis2/services/Version?xsd=../conf/axis2.xml
then scrolling down to read username/password parameters

with given credentials, axis2_deployer (https://www.rapid7.com/db/modules/exploit/multi/http/axis2_deployer) from metasploit will let him to deploy a meterpreter session

General Information

Additional Info

Technical Analysis