[
https://issues.apache.org/jira/browse/AXIS2-5757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Deepak updated AXIS2-5757:
--------------------------
Priority: Major (was: Minor)
> Version of httpclient bundled in axis2-1.7.1 is exposed to to the
> vulnerability CVE-2012-6153, CVE-2014-3577
> -------------------------------------------------------------------------------------------------------------
>
> Key: AXIS2-5757
> URL: https://issues.apache.org/jira/browse/AXIS2-5757
> Project: Axis2
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.4, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1
> Environment: Axis2 used as a Web Service Provider for an application
> Reporter: Deepak
> Labels: httpclient
> Fix For: 1.7.2
>
>
> Version of httpclient bundled in axis2-1.7.1 is exposed to to the
> vulnerability CVE-2012-6153, CVE-2014-3577
> Hi
> The version of httpclient (httpclient-4.2.1.jar) bundled with axis2-1.7.1 is
> susceptible to CVE-2012-6153, CVE-2014-3577
> The Vulnerability says that the class "http/conn/ssl/AbstractVerifier.java in
> Apache Commons HttpClient before 4.2.3" is vulnerability.
> (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153)
> What plans we have for Axis2 to address this Vulnerability. Will it be fixed
> in the upcoming 1.7.2 or 1.8 release or any other release. If yes, when would
> that be. Reason for this query is our application uses Axis2 and and hence
> exposed to this vulnerability.
> Thanks,
> Regds,
> Deepak
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
