FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Axis2 -- Security vulnerabilities on dependency Apache HttpClient

Affected packages
axis2 < 1.7.4

Details

VuXML ID ac18046c-9b08-11e6-8011-005056925db4
Discovery 2012-12-06
Entry 2016-10-28

Apache Axis2 reports:

Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by known security vulnerabilities (CVE-2012-6153 and CVE-2014-3577); see AXIS2-5757.

References

CVE Name CVE-2012-6153
CVE Name CVE-2014-3577
URL http://axis.apache.org/axis2/java/core/release-notes/1.7.4.html
URL https://issues.apache.org/jira/browse/AXIS2-4739
URL https://issues.apache.org/jira/browse/AXIS2-5683
URL https://issues.apache.org/jira/browse/AXIS2-5757