
axis: SSL hostname verification bypass

Package(s): axis
CVE #(s): CVE-2014-3596
Created: September 15, 2014
Updated: December 29, 2014
Description: From the CVE entry:

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

Alerts:
Debian-LTS DLA-169-1 axis 2015-03-10
Mageia MGASA-2014-0549 axis 2014-12-26
Scientific Linux SLSA-2014:1193-1 axis 2014-09-15
Oracle ELSA-2014-1193 axis 2014-09-15
CentOS CESA-2014:1193 axis 2014-09-15
Red Hat RHSA-2014:1193-01 axis 2014-09-15

Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds