[ https://issues.apache.org/jira/browse/AXIS-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16925957#comment-16925957 ]
robert lazarski commented on AXIS-2905:
---------------------------------------

Since I found this error confusing and our Apache internal Travis build runs JDK 8, I am going to remove the animal sniffer API version check.

I also see this in that pom.xml section, which I removed too.

    <!-- Note: 1.9 contains a call to a Java 7 specific method
         (java.nio.CharBuffer.subSequence(II)Ljava/nio/CharBuffer;) that is triggered when
         an undefined reference is found. This breaks error reporting on Java 5/6. -->
    <version>1.8</version>

Committed revision 1866702.

Build from source:

    svn checkout https://svn.apache.org/repos/asf/axis/axis1/java/trunk axis-project

Nightly builds:

https://travis-ci.org/apache/axis1-java

> Insecure certificate validation CVE-2014-3596
> ---------------------------------------------
>
>                 Key: AXIS-2905
>                 URL: https://issues.apache.org/jira/browse/AXIS-2905
>             Project: Axis
>          Issue Type: Bug
>    Affects Versions: 1.4
>            Reporter: David Jorm
>            Priority: Major
>         Attachments: CVE-2014-3596.patch
>
>
> It was found that the fix for CVE-2012-5784 was incomplete. The code added to
> check that the server hostname matches the domain name in the subject's CN
> field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack
> where the attacker can spoof a valid certificate using a specially crafted
> subject.
> For more details, see:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3596
> https://access.redhat.com/solutions/1164433