[GERONIMO-5383] CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.1.5, 2.2
Fix Version/s: 2.1.6, 2.2.1
Component/s: webservices
Security Level: public (Regular issues)
Labels:
None

Description

New versions of CXF and Axis2 are available containing some critical security fixes that need to be made available for Geronimo 2.1.x and 2.2.x. Details of the exposure can be found here:

https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf

Attachments

Activity

People

Assignee:: Richard McGuire

Reporter:: Richard McGuire

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Jun/10 12:34

Updated:: 22/Sep/10 14:43

Resolved:: 22/Sep/10 14:43