Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Request -- axis2, axis2c
From: David Jorm <djorm () redhat com>
Date: Wed, 07 Nov 2012 17:27:52 +1000

On 11/07/2012 05:12 PM, Seth Arnold wrote:
Hello Kurt, Steve, all,

I did not find CVEs for Axis2 or Axis2/c when going through the pile of
CVEs generated from the paper:


Axis appeared to get CVE-2012-5784 but it is my understanding that Axis2
and Axis2/c are different codebases and should therefore get their own
CVE entries.

shmat_cccs12.pdf claims Axis2 is vulnerable but silent on Axis2/c.

Has anyone else looked into if Axis2/c is vulnerable? (I gave it a very
cursory inspection.) The project pages are silent on the issue.

Did I overlook these CVE entries?


Axis2/Java has been assigned CVE-2012-5785. There is no CVE ID for Axis2/c that I am aware of, and I am not aware that anyone has investigated whether it is vulnerable.

David Jorm / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]