FreeBSD Bugzilla – Attachment 175835 Details for
Bug 213546
security/vuxml: Document axis2 vulnerability
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuxml-axis2.patch
vuxml-axis2.patch (text/plain), 1.60 KB, created by
Danilo G. Baio
on 2016-10-16 20:00:33 UTC
(
hide
)
Description:
vuxml-axis2.patch
Filename:
MIME Type:
Creator:
Danilo G. Baio
Created:
2016-10-16 20:00:33 UTC
Size:
1.60 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 424057) >+++ vuln.xml (working copy) >@@ -58,6 +58,37 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="0baadc45-92d0-11e6-8011-005056925db4"> >+ <topic>Axis2 -- Cross-site scripting (XSS) vulnerability</topic> >+ <affects> >+ <package> >+ <name>axis2</name> >+ <range><lt>1.7.3</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Apache Axis2 reports:</p> >+ <blockquote cite="http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html"> >+ <p>Apache Axis2 1.7.3 is a security release that contains a fix for >+CVE-2010-3981. That security vulnerability affects the admin console that is >+part of the Axis2 Web application and was originally reported for SAP >+BusinessObjects (which includes a version of Axis2). That report didn't mention >+Axis2 at all and the Axis2 project only recently became aware (thanks to Devesh >+Bhatt and Nishant Agarwala) that the issue affects Apache Axis2 as well.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>http://axis.apache.org/axis2/java/core/release-notes/1.7.3.html</url> >+ <cvename>CVE-2010-3981</cvename> >+ </references> >+ <dates> >+ <discovery>2010-10-18</discovery> >+ <entry>2016-10-16</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="43f1c867-654a-11e6-8286-00248c0c745d"> > <topic>Rails 4 -- Possible XSS Vulnerability in Action View</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=175835">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 213546
: 175835