You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Andreas Veithen (JIRA)" <ji...@apache.org> on 2016/04/14 11:15:25 UTC

[jira] [Resolved] (AXIS2-5757) Version of httpclient bundled in axis2-1.7.1 is exposed to to the vulnerability CVE-2012-6153, CVE-2014-3577

     [ https://issues.apache.org/jira/browse/AXIS2-5757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Veithen resolved AXIS2-5757.
------------------------------------
       Resolution: Fixed
    Fix Version/s: 1.7.2

> Version of httpclient bundled in axis2-1.7.1 is exposed to  to the vulnerability CVE-2012-6153, CVE-2014-3577
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: AXIS2-5757
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5757
>             Project: Axis2
>          Issue Type: Bug
>          Components: transports
>    Affects Versions: 1.4, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1
>         Environment: Axis2 used as a Web Service Provider for an application
>            Reporter: Deepak
>            Priority: Minor
>              Labels: httpclient
>             Fix For: 1.7.2
>
>
> Version of httpclient bundled in axis2-1.7.1 is exposed to  to the vulnerability CVE-2012-6153, CVE-2014-3577
> Hi
> The version of httpclient (httpclient-4.2.1.jar) bundled with axis2-1.7.1  is susceptible to CVE-2012-6153, CVE-2014-3577 
> The Vulnerability says that the class "http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3" is vulnerability. (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153)
> What plans we have for Axis2 to address this Vulnerability. Will it be fixed in the upcoming 1.7.2 or 1.8 release or any other release. If yes, when would that be. Reason for this query is our application uses Axis2 and and hence exposed to this vulnerability. 
> Thanks,
> Regds,
> Deepak



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org