2 matches found
MGASA-2018-0431 Updated axis packages fix security vulnerability
Updated axis packages fix security vulnerability: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting XSS attack in the default servlet/services CVE-2018-8032...
MGASA-2014-0549 Updated axis packages fix CVE-2014-3596
Updated axis packages fixes security vulnerability: It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name CN field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate...