Closed HoLyVieR closed 5 years ago
This is an easy to exploit deserialization issue in a debug component of Axis and Axis2. Even though it's fixable the maintainer have never wanted to do so. For the reference here's the source of the issue :
http://www.docjar.com/html/api/org/apache/axis2/soapmonitor/servlet/SOAPMonitorService.java.html#251
Cool! Thanks!
This is an easy to exploit deserialization issue in a debug component of Axis and Axis2. Even though it's fixable the maintainer have never wanted to do so. For the reference here's the source of the issue :
http://www.docjar.com/html/api/org/apache/axis2/soapmonitor/servlet/SOAPMonitorService.java.html#251