[
https://issues.apache.org/jira/browse/AXIS-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16612453#comment-16612453
]
robert lazarski commented on AXIS-2925:
---------------------------------------
Both of those are related to HTTPS certificates. At a glance you would be
affected if you are running axis 1.4 over HTTPS.
Those CVE's remain in Axis 1.x as there has not been an official release since
2006. I do notice AXIS-2905 has a patch included for CVE-2014-3596 but it has
not been applied yet.
Axis2 has frequent releases and upgrading to that is highly suggested.
> Vulnerability in Axis 1.4
> -------------------------
>
> Key: AXIS-2925
> URL: https://issues.apache.org/jira/browse/AXIS-2925
> Project: Axis
> Issue Type: Bug
> Reporter: tanishq pruthi
> Priority: Major
>
> Hi Team
> I am still using 1.4 in one of my project, and when i run dependency checker
> tool , it shows me following vulnerability in axis.jar
> CVE-2014-3596
> CVE-2012-5784
> Is there any update available to fix these in 1.4 or do i have to update my
> project to use axis2
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
