axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Camilo Espitia Manrique (JIRA)" <j...@apache.org>
Subject [jira] [Created] (TRANSPORTS-55) Improper Resource Shutdown or Release in BaseUtils.java 246
Date Thu, 08 Jan 2015 23:28:34 GMT
David Camilo Espitia Manrique created TRANSPORTS-55:
-------------------------------------------------------

             Summary: Improper Resource Shutdown or Release in BaseUtils.java 246
                 Key: TRANSPORTS-55
                 URL: https://issues.apache.org/jira/browse/TRANSPORTS-55
             Project: Axis2 Transports
          Issue Type: Bug
          Components: Base
    Affects Versions: 1.0.0
            Reporter: David Camilo Espitia Manrique
             Fix For: 1.0.0


We are currently using "Axis2-transport-base 1.0.0 " and the veracode analysis found a bug
in this class "BaseUtils.java" line 246:

Type:  Improper Resource Shutdown or Release

Description:

The application fails to release (or incorrectly releases) a system resource before it is
made available for re-use. This
condition often occurs with resources such as database connections or file handles. Most unreleased
resource issues
result in general software reliability problems, but if an attacker can intentionally trigger
a resource leak, it may be
possible to launch a denial of service attack by depleting the resource pool.

Recommendations:

When a resource is created or allocated, the developer is responsible for properly releasing
the resource as well as
accounting for all potential paths of expiration or invalidation. Ensure that all code paths
properly release resources




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message