[ https://issues.apache.org/jira/browse/AXIS2-5930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16599624#comment-16599624 ]
Andreas Veithen commented on AXIS2-5930: ---------------------------------------- CVE-2012-5351 and CVE-2012-4418 are related to SAML which would affect Rampart, not Axis2 itself. Probably the tool incorrectly links them to mex and axis2-kernel. Regarding the Tribes vulnerability, that dependency was updated in r1837509. > CVE issues with dependency jars of axis2 > ---------------------------------------- > > Key: AXIS2-5930 > URL: https://issues.apache.org/jira/browse/AXIS2-5930 > Project: Axis2 > Issue Type: Bug > Affects Versions: 1.7.8 > Reporter: tanishq pruthi > Priority: Major > Fix For: 1.7.9 > > > The dependent jars in axis 2 package are not updated to latest version > Due to which, some of the jars contains vulnerabilities . Some of them are > below > [mex-1.7.6-impl.jar|#l203_99ee5f563d035e3904894ea89c4550bb71ddf34b] > [axis2-kernel-1.7.6.jar|#l245_aa2e05c5dc080f7089072d17acfb9b1a50d8bda9] > [tribes-6.0.16.jar|#l321_50b300ff415ef0cf3af4f14ec03131cdcb019efa] > Dependency check tool is giving the following CVE in these jar > *[CVE-2012-5351|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5351]* > *[CVE-2012-4418|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4418]* > ** -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org