axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Deepak (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AXIS2-5757) Version of httpclient bundled in axis2-1.7.1 is exposed to to the vulnerability CVE-2012-6153, CVE-2014-3577
Date Wed, 13 Apr 2016 10:58:25 GMT
Deepak created AXIS2-5757:
-----------------------------

             Summary: Version of httpclient bundled in axis2-1.7.1 is exposed to  to the vulnerability
CVE-2012-6153, CVE-2014-3577
                 Key: AXIS2-5757
                 URL: https://issues.apache.org/jira/browse/AXIS2-5757
             Project: Axis2
          Issue Type: Bug
          Components: transports
    Affects Versions: 1.7.1, 1.7.0, 1.6.4, 1.6.3, 1.6.2, 1.4
         Environment: Axis2 used as a Web Service Provider for an application

            Reporter: Deepak
            Priority: Minor


Version of httpclient bundled in axis2-1.7.1 is exposed to  to the vulnerability CVE-2012-6153,
CVE-2014-3577

Hi

The version of httpclient (httpclient-4.2.1.jar) bundled with axis2-1.7.1  is susceptible
to CVE-2012-6153, CVE-2014-3577 

The Vulnerability says that the class "http/conn/ssl/AbstractVerifier.java in Apache Commons
HttpClient before 4.2.3" is vulnerability. (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153)

What plans we have for Axis2 to address this Vulnerability. Will it be fixed in the upcoming
1.7.2 or 1.8 release or any other release. If yes, when would that be. Reason for this query
is our application uses Axis2 and and hence exposed to this vulnerability. 

Thanks,
Regds,
Deepak




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message