15. 論文引用
• Codehaus XFire is another open-source Java implementation of SOAP
• Both versions of HttpClient rely on SSLSocketFactory for SSL connection establishment but mistak
enly omit hostname verification (Section 4.2).
• SSL vulnerabilities caused by bugs in Web-services middleware are pervasive in Amazon libraries.
Affected software includes Amazon EC2 API Tools Java library, which uses XFire to set up SSL conn
ections to EC2 servers