You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Miriam Celi (JIRA)" <ji...@apache.org> on 2016/04/13 16:27:25 UTC

[jira] [Created] (AXIS2-5759) Upgrade HTTPCore and HTTPClient into latest versions

Miriam Celi created AXIS2-5759:
----------------------------------

             Summary: Upgrade HTTPCore and HTTPClient into latest versions
                 Key: AXIS2-5759
                 URL: https://issues.apache.org/jira/browse/AXIS2-5759
             Project: Axis2
          Issue Type: Bug
          Components: transports
    Affects Versions: 1.7.1, 1.7.0
            Reporter: Miriam Celi


Axis2 1.7.0 and 1.7.1 ship with vulnerable versions of httpclient-4.2.1.jar and commons-httpclient-3.1.jar:

CVE-2014-3577 (affected products include Apache HttpClient 4.2.1):
https://exchange.xforce.ibmcloud.com/vulnerabilities/95327?cm_mc_uid=07675441652414567688362&cm_mc_sid_50200000=1460556797

CVE-2012-6153 (affected products include Apache HTTPclient 4.2.1 and Apache HttpClient 3.1): 
https://exchange.xforce.ibmcloud.com/vulnerabilities/95328?cm_mc_uid=07675441652414567688362&cm_mc_sid_50200000=1460556797

Additional information on these vulnerabilities can be found at this link:
http://archives.neohapsis.com/archives/bugtraq/2014-08/0089.html

HTTPCore (httpcore-4.2.1.jar) could also be upgraded to the newer 4.4.4 GA version.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org