axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Charlie Martin <charlie.mar...@uk.ibm.com>
Subject apache-commons-fileupload symlink vulnerability CVE-2013-0248
Date Thu, 23 Jul 2015 10:41:06 GMT
Hi,

The current (v1.6.3) and previous releases of Axis2 contain the apache 
commons-fileupload-1.2.jar. 

This jar is flagged as being vulnerable to CVE-2013-0248

Could anyone confirm if either:
This vulnerability is not applicable to the use of the jar in Axis2
If an update is planned

Details of the vulnerability: 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0248

Many thanks,
Charlie Martin


WebSphere MQ Development
IBM Hursley Labs, Hursley Park, Winchester, Hants. SO21 2JN. UK.
Email: charlie.martin@uk.ibm.com
Tel: +44 (0) 1962 815860, Internal: 37245860


Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

Mime
View raw message