Axis Development Mode Enabled in WEB-INF/server-config.wsdd

Severity: Medium
Summary#

Invicti detected that the web application is running in development mode that disclose the server version and detailed stack trace information.


It's recommended to modify the configuration file WEB-INF/server-config.wsdd to switch the system from development to production, preventing the information leakage.

Impact#

The detailed error messages contain potentially sensitive information that might help an attacker to conduct further attacks.

Actions To Take#

In the example below, the web application will switch the system from development mode to production mode:

<globalConfiguration>
 <parameter name="axis.development.system" value="false"/>
</globalConfiguration>
OR

Search Vulnerability

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works