The Axis2 team recently discovered a security issue that may allow an attacker to carry out denial of service attacks and to read arbitrary files on the file system of the node where Axis2 runs. Details of the vulnerability are described in the following advisory:
https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf This vulnerability may potentially be exploited on any Axis2 installation that receives XML messages from untrusted sources. We strongly recommend to all users who manage this type of installation to follow the instructions in the above advisory in order to mitigate the security risk caused by this vulnerability. -- The Axis2 team --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
