[
https://issues.apache.org/jira/browse/AXIS2-5759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Miriam Celi closed AXIS2-5759.
------------------------------
Resolution: Duplicate
Just realized that this issue was reported in AXIS2-5757
(https://issues.apache.org/jira/browse/AXIS2-5757). Therefore, I'm closing this
duplicate issue.
> Upgrade HTTPCore and HTTPClient into latest versions
> ----------------------------------------------------
>
> Key: AXIS2-5759
> URL: https://issues.apache.org/jira/browse/AXIS2-5759
> Project: Axis2
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.7.0, 1.7.1
> Reporter: Miriam Celi
>
> Axis2 1.7.0 and 1.7.1 ship with vulnerable versions of httpclient-4.2.1.jar
> and commons-httpclient-3.1.jar:
> CVE-2014-3577 (affected products include Apache HttpClient 4.2.1):
> https://exchange.xforce.ibmcloud.com/vulnerabilities/95327?cm_mc_uid=07675441652414567688362&cm_mc_sid_50200000=1460556797
> CVE-2012-6153 (affected products include Apache HttpClient 4.2.1 and Apache
> HttpClient 3.1):
> https://exchange.xforce.ibmcloud.com/vulnerabilities/95328?cm_mc_uid=07675441652414567688362&cm_mc_sid_50200000=1460556797
> Additional information on these vulnerabilities can be found at this link:
> http://archives.neohapsis.com/archives/bugtraq/2014-08/0089.html
> httpcore-4.2.1.jar and httpclient-4.2.1.jar should be upgraded to the newer
> GA versions available (https://hc.apache.org/downloads.cgi) and
> commons-httpclient-3.1.jar should be removed if possible.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
