Lucene search

RedhatCVE-2012-6107

HistorySep 29, 2014 - 10:55 p.m.

CVE-2012-6107

2014-09-2922:55:05

CWE-310

redhat

web.nvd.nist.gov

cve

2012

6107

apache axis2

ssl

servers

spoofing

certificate

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected configurations

Nvd

Node

apacheapache_axis2\/cMatch-

VendorProductVersionCPE
apacheapache_axis2\/c-cpe:2.3:a:apache:apache_axis2\/c:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	apache_axis2\/c	-	cpe:2.3:a:apache:apache_axis2\/c:-:::::::*

References

mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser

www.securityfocus.com/bid/57267

bugzilla.redhat.com/show_bug.cgi?id=894372

exchange.xforce.ibmcloud.com/vulnerabilities/81211

issues.apache.org/jira/browse/AXIS2C-1619

lists.apache.org/thread.html/06e82460243af2ec9cc5a9af0a718943bc53c804b0a786ac61d518e4%40%3Cc-dev.axis.apache.org%3E

lists.apache.org/thread.html/0e30b2b72099a995f6e91342b03d3e4b477677d0ea77e3ce55b53614%40%3Cc-dev.axis.apache.org%3E

lists.apache.org/thread.html/r469d2a5b453c95fc8335f581422a5e7ae4d31f10d22650fb85abfc2d%40%3Cc-dev.axis.apache.org%3E

lists.apache.org/thread.html/rfaf85467328c125126e2607196a7fb9510a9f9513dadf6d954b4af0c%40%3Cc-dev.axis.apache.org%3E

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Related for CVE-2012-6107