geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick McGuire (JIRA)" <j...@apache.org>
Subject [jira] Updated: (GERONIMO-5383) CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.
Date Thu, 08 Jul 2010 16:28:49 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-5383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick McGuire updated GERONIMO-5383:
-----------------------------------

    Fix Version/s: 2.1.6
                       (was: 2.1.7)

> CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.

> -------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5383
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5383
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: webservices
>    Affects Versions: 2.1.5, 2.2
>            Reporter: Rick McGuire
>            Assignee: Rick McGuire
>            Priority: Critical
>             Fix For: 2.1.6, 2.2.1
>
>
> New versions of CXF and Axis2 are available containing some critical security fixes that
need to be made available for Geronimo 2.1.x and 2.2.x.  Details of the exposure can be found
here: 
> https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
> https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message