org.apache.axis2:axis2@1.7.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.axis2:axis2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Certificate Validation

org.apache.axis2:axis2 is a malicious package. It does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

How to fix Improper Certificate Validation?

Upgrade org.apache.axis2:axis2 to version 1.8.0 or higher.

[,1.8.0)