axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "robert lazarski (JIRA)" <axis-...@ws.apache.org>
Subject [jira] [Commented] (AXIS-2925) Vulnerability in Axis 1.4
Date Wed, 12 Sep 2018 16:55:00 GMT

    [ https://issues.apache.org/jira/browse/AXIS-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16612453#comment-16612453
] 

robert lazarski commented on AXIS-2925:
---------------------------------------

Both of those are related to HTTPS certificates. At a glance you would be affected if you
are running axis 1.4 over HTTPS.

Those CVE's remain in Axis 1.x as there has not been an official release since 2006. I do
notice AXIS-2905 has a patch included for CVE-2014-3596 but it has not been applied yet. 

Axis2 has frequent releases and upgrading to that is highly suggested.

 

> Vulnerability in Axis 1.4
> -------------------------
>
>                 Key: AXIS-2925
>                 URL: https://issues.apache.org/jira/browse/AXIS-2925
>             Project: Axis
>          Issue Type: Bug
>            Reporter: tanishq pruthi
>            Priority: Major
>
> Hi Team
> I am still using 1.4 in one of my project, and when i run dependency checker tool , it
shows me following vulnerability in axis.jar
> CVE-2014-3596
> CVE-2012-5784
> Is there any update available to fix these in 1.4 or do i have to update my project to
use axis2
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message