mailing list archives
Re: CVE Request -- axis2, axis2c
From: David Jorm <djorm () redhat com>
Date: Wed, 07 Nov 2012 17:27:52 +1000
On 11/07/2012 05:12 PM, Seth Arnold wrote:
Hello Kurt, Steve, all,
I did not find CVEs for Axis2 or Axis2/c when going through the pile of
CVEs generated from the paper:
Axis appeared to get CVE-2012-5784 but it is my understanding that Axis2
and Axis2/c are different codebases and should therefore get their own
shmat_cccs12.pdf claims Axis2 is vulnerable but silent on Axis2/c.
Has anyone else looked into if Axis2/c is vulnerable? (I gave it a very
cursory inspection.) The project pages are silent on the issue.
Did I overlook these CVE entries?
Axis2/Java has been assigned CVE-2012-5785. There is no CVE ID for
Axis2/c that I am aware of, and I am not aware that anyone has
investigated whether it is vulnerable.
David Jorm / Red Hat Security Response Team