Uploaded image for project: 'Axis2'
  1. Axis2
  2. AXIS2-5757

Version of httpclient bundled in axis2-1.7.1 is exposed to to the vulnerability CVE-2012-6153, CVE-2014-3577

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.4, 1.6.2, 1.6.3, 1.6.4, 1.7.0, 1.7.1
    • 1.7.4
    • transports
    • Axis2 used as a Web Service Provider for an application
    • Important

    Description

      Version of httpclient bundled in axis2-1.7.1 is exposed to to the vulnerability CVE-2012-6153, CVE-2014-3577

      Hi

      The version of httpclient (httpclient-4.2.1.jar) bundled with axis2-1.7.1 is susceptible to CVE-2012-6153, CVE-2014-3577

      The Vulnerability says that the class "http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3" is vulnerability. (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6153)

      What plans we have for Axis2 to address this Vulnerability. Will it be fixed in the upcoming 1.7.2 or 1.8 release or any other release. If yes, when would that be. Reason for this query is our application uses Axis2 and and hence exposed to this vulnerability.

      Thanks,
      Regds,
      Deepak

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. AXIS2-5759 Upgrade HTTPCore and HTTPClient into latest versions

          • Major - Major loss of function.
          • Closed

          Activity

            People

              veithen Andreas Veithen
              deepnaik Deepak
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: