Message-ID: <25190551.240061278514369315.JavaMail.jira@thor>
Date: Wed, 7 Jul 2010 10:52:49 -0400 (EDT)
From: "Rick McGuire (JIRA)"
To: dev@geronimo.apache.org
Subject: [jira] Updated: (GERONIMO-5383) CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.
In-Reply-To: <7131992.77111276518983748.JavaMail.jira@thor>

[ https://issues.apache.org/jira/browse/GERONIMO-5383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick McGuire updated GERONIMO-5383:
-----------------------------------

    Summary: CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.  (was: Update to new versions of CXF and Axis2)
    Priority: Critical  (was: Major)
    Description:
New versions of CXF and Axis2 are available containing some critical security fixes that need to be made available for Geronimo 2.1.x and 2.2.x. Details of the exposure can be found here:

https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf

    was:
New versions of CXF and Axis2 are available containing some critical fixes that need to be made available for Geronimo 2.1.x and 2.2.x

> CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.
> -------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5383
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5383
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues)
>          Components: webservices
>    Affects Versions: 2.1.5, 2.2
>            Reporter: Rick McGuire
>            Assignee: Rick McGuire
>            Priority: Critical
>             Fix For: 2.1.6, 2.2.1
>
>
> New versions of CXF and Axis2 are available containing some critical security fixes that need to be made available for Geronimo 2.1.x and 2.2.x.
> Details of the exposure can be found here:
>
> https://svn.apache.org/repos/asf/axis/axis2/java/core/security/CVE-2010-1632.pdf
> https://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.