[
https://issues.apache.org/jira/browse/AXIS2-5757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15315865#comment-15315865
]
Hudson commented on AXIS2-5757:
-------------------------------
SUCCESS: Integrated in Axis2 #3550 (See
[https://builds.apache.org/job/Axis2/3550/])
AXIS2-5757: Upgrade to latest httpclient version. (veithen: rev 1746894)
* axis2/pom.xml
* axis2/systests/webapp-tests/pom.xml
> Version of httpclient bundled in axis2-1.7.1 is exposed to to the
> vulnerability CVE-2012-6153, CVE-2014-3577
> -------------------------------------------------------------------------------------------------------------
>
> Key: AXIS2-5757
> URL: https://issues.apache.org/jira/browse/AXIS2-5757
> Project: Axis2
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.4, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1
> Environment: Axis2 used as a Web Service Provider for an application
> Reporter: Deepak
> Assignee: Andreas Veithen
> Labels: security
> Fix For: 1.7.4
>
>
> Version of httpclient bundled in axis2-1.7.1 is exposed to to the
> vulnerability CVE-2012-6153, CVE-2014-3577
> Hi
> The version of httpclient (httpclient-4.2.1.jar) bundled with axis2-1.7.1 is
> susceptible to CVE-2012-6153, CVE-2014-3577
> The Vulnerability says that the class "http/conn/ssl/AbstractVerifier.java in
> Apache Commons HttpClient before 4.2.3" is vulnerability.
> (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153)
> What plans we have for Axis2 to address this Vulnerability. Will it be fixed
> in the upcoming 1.7.2 or 1.8 release or any other release. If yes, when would
> that be. Reason for this query is our application uses Axis2 and and hence
> exposed to this vulnerability.
> Thanks,
> Regds,
> Deepak
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
