Axis development mode enabled in WEB-INF/server-config.wsdd
Description
This Apache Axis web service application is configured to run in development mode, which exposes sensitive technical information including server version details and complete stack traces when errors occur. Development mode is intended for debugging purposes only and should never be enabled in production environments. The configuration setting is controlled by the axis.development.system parameter in the WEB-INF/server-config.wsdd file.
Remediation
Disable development mode by modifying the WEB-INF/server-config.wsdd configuration file. Locate the globalConfiguration section and set the axis.development.system parameter to false. If this parameter does not exist, add it explicitly to ensure development mode is disabled.
Update the configuration as follows:
<globalConfiguration> <parameter name="axis.development.system" value="false"/> </globalConfiguration>
After making this change, restart the application server to ensure the configuration takes effect. Verify the change by triggering an error condition and confirming that detailed stack traces are no longer exposed to clients.