oss-sec mailing list archives
Re: CVE Request -- axis2, axis2c
From: David Jorm <djorm () redhat com>
Date: Wed, 07 Nov 2012 17:27:52 +1000
On 11/07/2012 05:12 PM, Seth Arnold wrote:
Hello Kurt, Steve, all, I did not find CVEs for Axis2 or Axis2/c when going through the pile of CVEs generated from the paper: http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf Axis appeared to get CVE-2012-5784 but it is my understanding that Axis2 and Axis2/c are different codebases and should therefore get their own CVE entries. shmat_cccs12.pdf claims Axis2 is vulnerable but silent on Axis2/c. Has anyone else looked into if Axis2/c is vulnerable? (I gave it a very cursory inspection.) The project pages are silent on the issue. Did I overlook these CVE entries? Thanks
Axis2/Java has been assigned CVE-2012-5785. There is no CVE ID for Axis2/c that I am aware of, and I am not aware that anyone has investigated whether it is vulnerable.
Thanks -- David Jorm / Red Hat Security Response Team
Current thread:
- CVE Request -- axis2, axis2c Seth Arnold (Nov 06)
- Re: CVE Request -- axis2, axis2c David Jorm (Nov 06)