Lucene search
GoogleOSV:DLA-169-1HistoryMar 10, 2015 - 12:00 a.m.
axis - security update
2015-03-1000:00:00
Google
osv.dev
15
0.001 Low
EPSS
Percentile
46.5%
A vulnerability was fixed in axis, a SOAP implementation in Java:
The getCN function in Apache Axis 1.4 and earlier does not properly verify
that the server hostname matches a domain name in the subjectβs Common Name
(CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof SSL servers via a certificate with a
subject that specifies a common name in a field that is not the CN field.
Thanks to Markus Koschany for providing the fixed package and David Jorm
and Arun Neelicattu (Red Hat Product Security) for providing the patch.
For Debian 6 Squeeze, these issues have been fixed in axis version 1.4-12+deb6u1
References
Related
suse
suse
Security update for axis (moderate)
2019-06-07 00:00:00
Security update for axis (moderate)
2019-06-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for axis (openSUSE-SU-2019:1526-1)
2019-06-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1382-1)
2021-04-19 00:00:00
RedHat Update for axis RHSA-2014:1193-01
2014-09-16 00:00:00
veracode
veracode
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 09:01:11
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 09:00:12
debiancve
debiancve
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
nessus
nessus
F5 Networks BIG-IP : Apache Axis vulnerability (SOL16821)
2016-09-02 00:00:00
openSUSE Security Update : axis (openSUSE-2019-1497)
2019-06-04 00:00:00
openSUSE Security Update : axis (openSUSE-2019-1526)
2019-06-10 00:00:00
f5
f5
SOL16821 - Apache Axis vulnerability CVE-2014-3596
2015-06-29 00:00:00
K16821 : Apache Axis vulnerability CVE-2014-3596
2015-11-11 00:00:00
SOL14371 - Apache Axis vulnerability CVE-2012-5784
2013-05-06 00:00:00
osv
osv
Improper Validation of Certificates in apache axis
2018-10-16 20:50:58
Man-in-the-middle attack in Apache Axis
2020-10-07 17:51:02
ubuntucve
ubuntucve
CVE-2012-5784
2012-11-04 00:00:00
CVE-2014-3596
2014-08-27 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities in Apache Axis Affect IBM Sterling B2B Integrator (CVE-2014-3596, CVE-2012-5784)
2020-02-05 00:53:36
github
github
Improper Validation of Certificates in apache axis
2018-10-16 20:50:58
Man-in-the-middle attack in Apache Axis
2020-10-07 17:51:02
prion
prion
Code injection
2014-08-27 00:55:00
Design/Logic Flaw
2012-11-04 22:55:00
nvd
nvd
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
cvelist
cvelist
CVE-2014-3596
2014-08-27 00:00:00
CVE-2012-5784
2012-11-04 22:00:00
cve
cve
CVE-2014-3596
2014-08-27 00:55:05
CVE-2012-5784
2012-11-04 22:55:03
debian
debian
[SECURITY] [DLA 169-1] axis security update
2015-03-10 18:47:07
oraclelinux
oraclelinux
axis security update
2013-03-25 00:00:00
axis security update
2014-09-15 00:00:00
axis security update
2013-02-19 00:00:00
redhat
redhat
(RHSA-2013:0683) Moderate: axis security update
2013-03-25 00:00:00
(RHSA-2013:0269) Moderate: axis security update
2013-02-19 00:00:00
(RHSA-2014:1193) Important: axis security update
2014-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: axis-1.4-19.fc17
2013-02-01 17:16:41
[SECURITY] Fedora 18 Update: axis-1.4-19.fc18
2013-02-01 16:58:10
centos
centos
axis security update
2014-09-15 16:46:18
axis security update
2013-03-25 20:27:08
mageia
mageia
Updated axis packages fix CVE-2014-3596
2014-12-26 20:04:58
Updated axis package fixes security vulnerability
2013-07-06 18:12:34
amazon
amazon
Important: axis
2014-09-17 21:47:00
Medium: axis
2013-03-02 16:50:00
gitlab
gitlab
Improper Input Validation
2020-10-07 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00