CVE-2010-0219 Apache Axis2 Default Administrative Access

Apache Axis2 is a Web Services/SOAP/WSDL engine.

The instance of Axis2 on the target allows administrative access with default credentials of username "admin" and password as "axis2".

A remote attacker could exploit this to take control of the Axis2 server and execute arbitrary code by uploading a crafted web service.

Change the password for the "admin" account. This can be done by changing parameters in axis2.xml as required. Refer toApache Axis2 Web Administrator's Guide for more information.