[ https://issues.apache.org/jira/browse/AXIS2-5757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15315865#comment-15315865 ]
Hudson commented on AXIS2-5757:
-------------------------------

SUCCESS: Integrated in Axis2 #3550 (See [https://builds.apache.org/job/Axis2/3550/])
AXIS2-5757: Upgrade to latest httpclient version. (veithen: rev 1746894)
* axis2/pom.xml
* axis2/systests/webapp-tests/pom.xml

> Version of httpclient bundled in axis2-1.7.1 is exposed to the vulnerability CVE-2012-6153, CVE-2014-3577
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: AXIS2-5757
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5757
>             Project: Axis2
>          Issue Type: Bug
>          Components: transports
>    Affects Versions: 1.4, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1
>         Environment: Axis2 used as a Web Service Provider for an application
>            Reporter: Deepak
>            Assignee: Andreas Veithen
>              Labels: security
>             Fix For: 1.7.4
>
>
> Version of httpclient bundled in axis2-1.7.1 is exposed to the vulnerability CVE-2012-6153, CVE-2014-3577
> Hi
> The version of httpclient (httpclient-4.2.1.jar) bundled with axis2-1.7.1 is susceptible to CVE-2012-6153, CVE-2014-3577
> The Vulnerability says that the class "http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3" is vulnerable.
> (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153)
> What plans do we have for Axis2 to address this vulnerability? Will it be fixed in the upcoming 1.7.2 or 1.8 release or any other release? If yes, when would that be? Reason for this query is our application uses Axis2 and hence is exposed to this vulnerability.
> Thanks,
> Regds,
> Deepak

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)