[jira] [Created] (AXIS-2925) Vulnerability in Axis 1.4

robert lazarski (JIRA)

2018-09-12 16:55:00 UTC

[ https://issues.apache.org/jira/browse/AXIS-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16612453#comment-16612453 ]

robert lazarski commented on AXIS-2925:
---------------------------------------

Both of those are related to HTTPS certificates. At a glance you would be affected if you are running axis 1.4 over HTTPS.

Those CVE's remain in Axis 1.x as there has not been an official release since 2006. I do notice AXIS-2905 has a patch included for CVE-2014-3596 but it has not been applied yet.

Axis2 has frequent releases and upgrading to that is highly suggested.

Post by tanishq pruthi (JIRA)
Vulnerability in Axis 1.4
-------------------------
Key: AXIS-2925
URL: https://issues.apache.org/jira/browse/AXIS-2925
Project: Axis
Issue Type: Bug
Reporter: tanishq pruthi
Priority: Major
Hi Team
I am still using 1.4 in one of my project, and when i run dependency checker tool , it shows me following vulnerability in axis.jar
CVE-2014-3596
CVE-2012-5784
Is there any update available to fix these in 1.4 or do i have to update my project to use axis2

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-***@axis.apache.org
For additional commands, e-mail: java-dev-***@axis.apache.org