axis: missing connection hostname check against X.509 certificate name

🗓️ 25 Mar 2013 17:09:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Axis did not verify server hostname against X.509 CN or subjectAltName, enabling man-in-the-middle attacks.

Reporter	Title	Published	Views	Family All 111
IBM Security Bulletins	Security Bulletin: A vulnerability in Apache Axis affects IBM Cognos Metrics Manager (CVE-2012-5784)	15 Jun 201823:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM Sterling B2B Integrator	5 Feb 202000:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Axis affect IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite	2 Feb 202321:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities found in Axis.jar V1.x may affect IBM Content Collector for SAP Applications	26 Mar 202117:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568).	15 Jun 201823:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit	30 Jun 202309:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Axis	28 Mar 202517:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in Apache Axis Affect IBM Sterling B2B Integrator (CVE-2014-3596, CVE-2012-5784)	5 Feb 202000:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities	22 Jun 202316:30	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in multiple products that ship with IBM Predictive Customer Intelligence (CVE-2014-3566)	11 Feb 202021:31	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	axis	0:1.2.1-2jpp.7.el5_9	axis-0:1.2.1-2jpp.7.el5_9.i386.rpm
Red Hat Enterprise Linux	5	ia64	axis	0:1.2.1-2jpp.7.el5_9	axis-0:1.2.1-2jpp.7.el5_9.ia64.rpm
Red Hat Enterprise Linux	5	ppc	axis	0:1.2.1-2jpp.7.el5_9	axis-0:1.2.1-2jpp.7.el5_9.ppc.rpm
Red Hat Enterprise Linux	5	s390x	axis	0:1.2.1-2jpp.7.el5_9	axis-0:1.2.1-2jpp.7.el5_9.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	axis	0:1.2.1-2jpp.7.el5_9	axis-0:1.2.1-2jpp.7.el5_9.x86_64.rpm
Red Hat Enterprise Linux	5	i386	axis-debuginfo	0:1.2.1-2jpp.7.el5_9	axis-debuginfo-0:1.2.1-2jpp.7.el5_9.i386.rpm
Red Hat Enterprise Linux	5	ia64	axis-debuginfo	0:1.2.1-2jpp.7.el5_9	axis-debuginfo-0:1.2.1-2jpp.7.el5_9.ia64.rpm
Red Hat Enterprise Linux	5	ppc	axis-debuginfo	0:1.2.1-2jpp.7.el5_9	axis-debuginfo-0:1.2.1-2jpp.7.el5_9.ppc.rpm
Red Hat Enterprise Linux	5	s390x	axis-debuginfo	0:1.2.1-2jpp.7.el5_9	axis-debuginfo-0:1.2.1-2jpp.7.el5_9.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	axis-debuginfo	0:1.2.1-2jpp.7.el5_9	axis-debuginfo-0:1.2.1-2jpp.7.el5_9.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2012-5784
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-5784
cve	www.cve.org/CVERecord

28 Jun 2026 12:22Current

6.8Medium risk

Vulners AI Score6.8

CVSS 25.8

EPSS0.05722

axis missing hostname certificate hostname check x509 certificate names subject alt name man in middle