Deepak created AXIS2-5757:
-----------------------------
Summary: Version of httpclient bundled in axis2-1.7.1 is exposed
to the vulnerability CVE-2012-6153, CVE-2014-3577
Key: AXIS2-5757
URL: https://issues.apache.org/jira/browse/AXIS2-5757
Project: Axis2
Issue Type: Bug
Components: transports
Affects Versions: 1.7.1, 1.7.0, 1.6.4, 1.6.3, 1.6.2, 1.4
Environment: Axis2 used as a Web Service Provider for an application
Reporter: Deepak
Priority: Minor
Version of httpclient bundled in axis2-1.7.1 is exposed to the
vulnerability CVE-2012-6153, CVE-2014-3577
Hi
The version of httpclient (httpclient-4.2.1.jar) bundled with axis2-1.7.1 is
susceptible to CVE-2012-6153, CVE-2014-3577.
The vulnerability says that the class "http/conn/ssl/AbstractVerifier.java in
Apache Commons HttpClient before 4.2.3" is vulnerable.
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153)
What plans do we have for Axis2 to address this vulnerability? Will it be fixed in
the upcoming 1.7.2 or 1.8 release or any other release? If yes, when would that
be? The reason for this query is that our application uses Axis2 and hence is exposed
to this vulnerability.
Thanks,
Regds,
Deepak
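
Added example (not part of the original report, and not Axis2 or HttpClient project code): a check for httpclient jars older than the 4.2.3 quoted above for CVE-2012-6153, reading the version from the jar's Maven metadata so a renamed jar is still caught. The metadata path, the helper names and the sample jars are assumptions made for this example; the report gives no fixed version for CVE-2014-3577, so that CVE is not checked.

```python
import io
import re
import zipfile

FIXED_IN = (4, 2, 3)  # "before 4.2.3", from the CVE-2012-6153 text in the report
# Assumed location of Maven metadata inside the jar (standard Maven layout).
POM_PROPS = "META-INF/maven/org.apache.httpcomponents/httpclient/pom.properties"

def parse_version(text):
    """Turn '4.2.1' or '4.3-beta1' into a comparable tuple such as (4, 2, 1)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))

def httpclient_version(jar_bytes, jar_name):
    """Prefer the version recorded inside the jar; fall back to the file name."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            if POM_PROPS in jar.namelist():
                props = jar.read(POM_PROPS).decode("utf-8", "replace")
                found = re.search(r"^version=(\S+)", props, re.M)
                if found:
                    return found.group(1)
    except zipfile.BadZipFile:
        pass  # unreadable archive: only the file name is left to go on
    found = re.match(r"httpclient-(\d[\w.\-]*)\.jar$", jar_name)
    return found.group(1) if found else None

def is_exposed(version):
    return version is not None and parse_version(version) < FIXED_IN

def audit(jars):
    """jars maps file name -> bytes; returns file name -> (version, exposed)."""
    report = {}
    for name, data in jars.items():
        version = httpclient_version(data, name)
        report[name] = (version, is_exposed(version))
    return report

def make_jar(version=None):
    """Constructed sample input: a minimal in-memory jar for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if version:
            jar.writestr(POM_PROPS, f"groupId=org.apache.httpcomponents\nversion={version}\n")
    return buf.getvalue()

if __name__ == "__main__":
    sample = {"httpclient-4.2.1.jar": make_jar(), "client-renamed.jar": make_jar("4.2.1"),
              "httpclient-4.2.3.jar": make_jar("4.2.3")}
    for name, (version, exposed) in audit(sample).items():
        print(f"{name}: version={version} exposed={exposed}")
```

To check a real deployment, read each jar in the application's library directory as bytes and pass the resulting mapping to `audit`.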