From 36de67d25141c7674f1ed9af44f9ed0f84205c8a Mon Sep 17 00:00:00 2001 From: feld Date: Fri, 28 Oct 2016 14:01:00 +0000 Subject: Document axis2 vulnerabilities PR: 213791 Security: CVE-2012-6153 Security: CVE-2014-3577 --- security/vuxml/vuln.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6fc0328737d..6fddcae6f8c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + Axis2 -- Security vulnerabilities on dependency Apache HttpClient + + + axis2 + 1.7.4 + + + + +

Apache Axis2 reports:

+
+

Apache Axis2 1.7.4 is a maintenance release that includes fixes for + several issues, including the following security issues: + Session fixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities + affecting the admin console. + A dependency on an Apache HttpClient version affected by known security + vulnerabilities (CVE-2012-6153 and CVE-2014-3577); see AXIS2-5757.

+
+ +
+ + http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html + https://issues.apache.org/jira/browse/AXIS2-4739 + https://issues.apache.org/jira/browse/AXIS2-5683 + https://issues.apache.org/jira/browse/AXIS2-5757 + CVE-2012-6153 + CVE-2014-3577 + + + 2012-12-06 + 2016-10-28 + +
+ node.js -- ares_create_query single byte out of buffer write -- cgit
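Review bot: The topic of the new entry, "Axis2 -- Security vulnerabilities on dependency Apache HttpClient", names only the HttpClient dependency, but the quoted release note in the same entry also lists session fixation (AXIS2-4739) and XSS (AXIS2-5683) in the admin console, and both JIRA issues appear in the references. Someone scanning audit output by topic would not learn that the admin console is affected, so a broader topic such as "axis2 -- multiple vulnerabilities" would be a better fit. Separately, the discovery date 2012-12-06 sits next to a CVE id from 2014; a short comment in the entry saying which of the listed issues that date refers to would make it easier to check.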