Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request -- axis2, axis2c
From: David Jorm <djorm () redhat com>
Date: Wed, 07 Nov 2012 17:27:52 +1000

On 11/07/2012 05:12 PM, Seth Arnold wrote:
Hello Kurt, Steve, all,

I did not find CVEs for Axis2 or Axis2/c when going through the pile of
CVEs generated from the paper:

http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf

Axis appeared to get CVE-2012-5784 but it is my understanding that Axis2
and Axis2/c are different codebases and should therefore get their own
CVE entries.

shmat_cccs12.pdf claims Axis2 is vulnerable but silent on Axis2/c.

Has anyone else looked into if Axis2/c is vulnerable? (I gave it a very
cursory inspection.) The project pages are silent on the issue.

Did I overlook these CVE entries?

Thanks

Axis2/Java has been assigned CVE-2012-5785. There is no CVE ID for Axis2/c that I am aware of, and I am not aware that anyone has investigated whether it is vulnerable.

Thanks
--
David Jorm / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault