[prev in list] [next in list] [prev in thread] [next in thread]
List: axis-user-ja
Subject: [jira] [Commented] (AXIS-2925) Vulnerability in Axis 1.4
From: "robert lazarski (JIRA)" <axis-dev () ws ! apache ! org>
Date: 2018-09-12 16:55:00
Message-ID: JIRA.13184347.1536671747000.60221.1536771300065 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/AXIS-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16612453#comment-16612453 \
]
robert lazarski commented on AXIS-2925:
---------------------------------------
Both of those are related to HTTPS certificates. At a glance you would be affected if \
you are running axis 1.4 over HTTPS.
Those CVE's remain in Axis 1.x as there has not been an official release since 2006. \
I do notice AXIS-2905 has a patch included for CVE-2014-3596 but it has not been \
applied yet.
Axis2 has frequent releases and upgrading to that is highly suggested.
> Vulnerability in Axis 1.4
> -------------------------
>
> Key: AXIS-2925
> URL: https://issues.apache.org/jira/browse/AXIS-2925
> Project: Axis
> Issue Type: Bug
> Reporter: tanishq pruthi
> Priority: Major
>
> Hi Team
> I am still using 1.4 in one of my project, and when i run dependency checker tool , \
> it shows me following vulnerability in axis.jar CVE-2014-3596
> CVE-2012-5784
> Is there any update available to fix these in 1.4 or do i have to update my project \
> to use axis2
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic