Return-Path: 
 <java-dev-return-93195-apmail-axis-java-dev-archive=axis.apache.org@axis.apache.org>
X-Original-To: apmail-axis-java-dev-archive@www.apache.org
Delivered-To: apmail-axis-java-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 66D8E10DBB
	for <apmail-axis-java-dev-archive@www.apache.org>;
 Thu,  8 Jan 2015 23:28:34 +0000 (UTC)
Received: (qmail 97734 invoked by uid 500); 8 Jan 2015 23:28:35 -0000
Delivered-To: apmail-axis-java-dev-archive@axis.apache.org
Received: (qmail 97606 invoked by uid 500); 8 Jan 2015 23:28:35 -0000
Mailing-List: contact java-dev-help@axis.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:java-dev-help@axis.apache.org>
List-Unsubscribe: <mailto:java-dev-unsubscribe@axis.apache.org>
List-Post: <mailto:java-dev@axis.apache.org>
List-Id: <java-dev.axis.apache.org>
Reply-To: java-dev@axis.apache.org
Delivered-To: mailing list java-dev@axis.apache.org
Received: (qmail 97594 invoked by uid 99); 8 Jan 2015 23:28:35 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Jan 2015 23:28:35 +0000
Date: Thu, 8 Jan 2015 23:28:34 +0000 (UTC)
From: "David Camilo Espitia Manrique (JIRA)" <jira@apache.org>
To: java-dev@axis.apache.org
Message-ID: <JIRA.12765892.1420759665000.42883.1420759714919@Atlassian.JIRA>
In-Reply-To: <JIRA.12765892.1420759665000@Atlassian.JIRA>
References: <JIRA.12765892.1420759665000@Atlassian.JIRA>
 <JIRA.12765892.1420759665673@arcas>
Subject: [jira] [Created] (TRANSPORTS-55) Improper Resource Shutdown or
 Release in BaseUtils.java 246
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

David Camilo Espitia Manrique created TRANSPORTS-55:
-------------------------------------------------------

             Summary: Improper Resource Shutdown or Release in BaseUtils.java 246
                 Key: TRANSPORTS-55
                 URL: https://issues.apache.org/jira/browse/TRANSPORTS-55
             Project: Axis2 Transports
          Issue Type: Bug
          Components: Base
    Affects Versions: 1.0.0
            Reporter: David Camilo Espitia Manrique
             Fix For: 1.0.0


We are currently using "Axis2-transport-base 1.0.0 " and the veracode analysis found a bug in this class "BaseUtils.java" line 246:

Type:  Improper Resource Shutdown or Release

Description:

The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This
condition often occurs with resources such as database connections or file handles. Most unreleased resource issues
result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be
possible to launch a denial of service attack by depleting the resource pool.

Recommendations:

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as
accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org