axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Veithen <andreas.veit...@gmail.com>
Subject [Important] Axis2 security advisory CVE-2010-1632
Date Sun, 13 Jun 2010 21:57:56 GMT
The Axis2 team recently discovered a security issue that may allow an
attacker to carry out denial of service attacks and to read arbitrary
files on the file system of the node where Axis2 runs. Details of the
vulnerability are described in the following advisory:

https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf

This vulnerability may potentially be exploited on any Axis2
installation that receives XML messages from untrusted sources. We
strongly recommend to all users who manage this type of installation
to follow the instructions in the above advisory in order to mitigate
the security risk caused by this vulnerability.

-- The Axis2 team

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message