[ https://issues.apache.org/jira/browse/AXIS2-5757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15240183#comment-15240183 ]
Hudson commented on AXIS2-5757: ------------------------------- ABORTED: Integrated in axis2-1.7 #45 (See [https://builds.apache.org/job/axis2-1.7/45/]) AXIS2-5757: Merge r1739001 to the 1.7 branch. (veithen: rev 1739004) * axis2 * axis2/pom.xml > Version of httpclient bundled in axis2-1.7.1 is exposed to to the > vulnerability CVE-2012-6153, CVE-2014-3577 > ------------------------------------------------------------------------------------------------------------- > > Key: AXIS2-5757 > URL: https://issues.apache.org/jira/browse/AXIS2-5757 > Project: Axis2 > Issue Type: Bug > Components: transports > Affects Versions: 1.4, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1 > Environment: Axis2 used as a Web Service Provider for an application > Reporter: Deepak > Priority: Minor > Labels: httpclient > > Version of httpclient bundled in axis2-1.7.1 is exposed to to the > vulnerability CVE-2012-6153, CVE-2014-3577 > Hi > The version of httpclient (httpclient-4.2.1.jar) bundled with axis2-1.7.1 is > susceptible to CVE-2012-6153, CVE-2014-3577 > The Vulnerability says that the class "http/conn/ssl/AbstractVerifier.java in > Apache Commons HttpClient before 4.2.3" is vulnerability. > (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153) > What plans we have for Axis2 to address this Vulnerability. Will it be fixed > in the upcoming 1.7.2 or 1.8 release or any other release. If yes, when would > that be. Reason for this query is our application uses Axis2 and and hence > exposed to this vulnerability. > Thanks, > Regds, > Deepak -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org