[
https://issues.apache.org/jira/browse/GERONIMO-5383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick McGuire updated GERONIMO-5383:
-----------------------------------
Summary: CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding
enables DTD based XML attacks. (was: Update to new versions of CXF and Axis2)
Priority: Critical (was: Major)
Description:
New versions of CXF and Axis2 are available containing some critical security
fixes that need to be made available for Geronimo 2.1.x and 2.2.x. Details of
the exposure can be found here:
https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
was:New versions of CXF and Axis2 are available containing some critical
fixes that need to be made available for Geronimo 2.1.x and 2.2.x
> CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based
> XML attacks.
> -------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5383
> URL: https://issues.apache.org/jira/browse/GERONIMO-5383
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: webservices
> Affects Versions: 2.1.5, 2.2
> Reporter: Rick McGuire
> Assignee: Rick McGuire
> Priority: Critical
> Fix For: 2.1.6, 2.2.1
>
>
> New versions of CXF and Axis2 are available containing some critical security
> fixes that need to be made available for Geronimo 2.1.x and 2.2.x. Details
> of the exposure can be found here:
> https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
> https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
