Uploaded image for project: 'Geronimo'
  1. Geronimo
  2. GERONIMO-5383

CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1.5, 2.2
    • Fix Version/s: 2.1.6, 2.2.1
    • Component/s: webservices
    • Security Level: public (Regular issues)
    • Labels:
      None

      Description

      New versions of CXF and Axis2 are available containing some critical security fixes that need to be made available for Geronimo 2.1.x and 2.2.x. Details of the exposure can be found here:

      https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
      https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf

        Activity

        Hide
        genspring Shawn Jiang added a comment -

        The fix is included in Axis2 1.5.2 and CXF 2.1.10. CXF 2.1.10 has been in 2.2 branch. Axis2 1.5.2 was just released and included in 2.2 branch too.

        Closing this.

        Show
        genspring Shawn Jiang added a comment - The fix is included in Axis2 1.5.2 and CXF 2.1.10. CXF 2.1.10 has been in 2.2 branch. Axis2 1.5.2 was just released and included in 2.2 branch too. Closing this.

          People

          • Assignee:
            rickmcguire Rick McGuire
            Reporter:
            rickmcguire Rick McGuire
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development