Axis2 contains a flaw that may allow a remote attacker to access arbitrary files. The issue is due to the services applet not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the xsd parameter. This flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
Remote / Network Access
Loss of Confidentiality
Upgrade to version 1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.