[jira] Updated: (GERONIMO-5383) CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.

Rick McGuire (JIRA) Thu, 08 Jul 2010 08:58:47 -0700

     [ 
https://issues.apache.org/jira/browse/GERONIMO-5383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rick McGuire updated GERONIMO-5383:
-----------------------------------

    Fix Version/s: 2.1.7
                       (was: 2.1.6)

> CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based 
> XML attacks. 
> -------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5383
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5383
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: webservices
>    Affects Versions: 2.1.5, 2.2
>            Reporter: Rick McGuire
>            Assignee: Rick McGuire
>            Priority: Critical
>             Fix For: 2.1.7, 2.2.1
>
>
> New versions of CXF and Axis2 are available containing some critical security 
> fixes that need to be made available for Geronimo 2.1.x and 2.2.x.  Details 
> of the exposure can be found here: 
> https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
> https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (GERONIMO-5383) CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.

Reply via email to