[This was originally disclosed on the VIM mail list. VulnDB ID 34154]
Watchfire’s Appscan product looks for this vulnerability (not sure what they officially title it, the title above is my own), but I can’t find any reference to it. Google finds a lot of indirect references suggesting it is common knowledge to the folks who use the product. Has anyone seen this before or have a reference?
Requesting this URL will generate the error message:
http://[target]/axis/tt_pm4l.jws?wsdl
AXIS error
Sorry, something seems to have gone wrong… here are the details:
Fault – java.io.FileNotFoundException:
c:\inetpub\wwwroot\axis\tt_pm4l.jws (No such file or directory)
AxisFault
faultCode: {http://xml.apache.org/axis/}Server.userException
faultString: java.io.FileNotFoundException:
c:\inetpub\wwwroot\axis\tt_pm4l.jws (No such file or directory)
faultActor: null
faultDetail:
stackTrace: java.io.FileNotFoundException:
c:\inetpub\wwwroot\axis\tt_pm4l.jws (No such file or directory)
[SNIP]