CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:N)
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: NONE
EPSS: 0.001 Low (Percentile: 40.5%)

Red Hat JBoss Portal is the open source implementation of the Java EE suite
of services and Portal services running atop Red Hat JBoss Enterprise
Application Platform.
It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)
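
The advisory does not say how the extraction went wrong. As an added example (not Axis or Red Hat code), the class below contrasts an assumed weak pattern, a substring search over the subject DN text, with RFC 2253-aware parsing through the JDK's LdapName. The class name, method names and both subject strings are constructed for illustration.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CnExtraction {
    // Weak pattern (an assumption for illustration, not the Axis source):
    // treat the DN as flat text and read from the last "CN=" to the next comma.
    static String cnBySubstring(String dn) {
        int i = dn.lastIndexOf("CN=");
        if (i < 0) return null;
        int end = dn.indexOf(',', i);
        return end < 0 ? dn.substring(i + 3) : dn.substring(i + 3, end);
    }

    // Hardened form: parse the DN per RFC 2253 and read only attributes whose
    // type really is CN, so escaped or quoted text in other values is ignored.
    static String cnByRdn(String dn) {
        try {
            List<Rdn> rdns = new LdapName(dn).getRdns();
            // Index 0 is the rightmost RDN; walk from the leftmost (most specific).
            for (int i = rdns.size() - 1; i >= 0; i--) {
                Attribute cn = rdns.get(i).toAttributes().get("cn");
                if (cn != null && cn.get() instanceof String) return (String) cn.get();
            }
            return null;
        } catch (NamingException e) {
            return null; // unparsable subject: fail closed, match no host name
        }
    }

    public static void main(String[] args) {
        // Constructed subjects; in the second, the text "CN=" sits inside the
        // O attribute's value behind an escaped comma.
        String[] subjects = {
            "CN=portal.example.test,O=Example Corp,C=US",
            "CN=other.example.test,O=Unit\\, CN=portal.example.test,C=US",
        };
        for (String dn : subjects) {
            System.out.println(dn);
            System.out.println("  substring search: " + cnBySubstring(dn));
            System.out.println("  RDN parse:        " + cnByRdn(dn));
        }
    }
}
```

In a real verifier the input would come from X509Certificate.getSubjectX500Principal().getName(X500Principal.RFC2253), and subjectAltName dNSName entries, when present, take precedence over the CN.
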
This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.
All users of Red Hat JBoss Portal 6.2.0 as provided from the Red Hat
Customer Portal are advised to apply this update.