OSVDB ID: 62202

Title: SAP BusinessObjects dswsbobje/axis2-web/HappyAxis.jsp Information Disclosure

Info

Disclosure

Jan 21, 2010

Discovery

May 04, 2009

Dates

Exploit

Unknown

Solution

Unknown

Description

SAP BusinessObjects contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when accessing directly to the dswsbobje/axis2-web/HappyAxis.jsp script which will disclose system information to a remote attacker.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Products

Unknown or Incomplete

References

Secunia Advisory ID: 38271
Related OSVDB ID: 62193 62203
Other Advisory URL: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-02

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/62202