29 matches found
MiracleLinux 4 : axis-1.2.1-7.5.AXS4 (AXSA:2014-534:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-534:01 advisory. Description : Apache AXIS is an implementation of the SOAP Simple Object Access Protocol submission to W3C. From the draft W3C specification: SOAP is a...
MiracleLinux 3 : axis-1.2.1-2jpp.8.AXS3 (AXSA:2014-536:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-536:01 advisory. Description : Apache AXIS is an implementation of the SOAP Simple Object Access Protocol submission to W3C. From the draft W3C specification: SOAP is a...
Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to multiple vulnerabilities due to Apache Axis. CVE-2018-8032, CVE-2014-3596, CVE-2019-0227, CVE-2012-5784
Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to multiple vulnerabilities due to Apache Axis. CVE-2018-8032, CVE-2014-3596, CVE-2019-0227, CVE-2012-5784. Vulnerability Details CVEID:CVE-2018-8032 DESCRIPTION: Apache Axis 1.x up ...
SUSE CVE-2014-3596
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subjec...
SUSE: Security Advisory (SUSE-SU-2019:1373-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:1382-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple Vulnerabilities found in Axis.jar V1.x may affect IBM Content Collector for SAP Applications
Summary IBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Axis.jar V1.x Vulnerability Details CVEID: CVE-2018-8032 DESCRIPTION: Apache Axis is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default...
Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the...
SUSE-SU-2019:1373-2 Security update for axis
This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name bsc1134598...
openSUSE Security Update : axis (openSUSE-2019-1526)
This update for axis fixes the following issues : Security issue fixed : - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name bsc1134598. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network...
openSUSE: Security Advisory for axis (openSUSE-SU-2019:1526-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : axis (openSUSE-2019-1497)
This update for axis fixes the following issues : Security issue fixed : - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name bsc1134598. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network...
openSUSE: Security Advisory for axis (openSUSE-SU-2019:1497-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2019:1373-1 Security update for axis
This update for axis fixes the following issues: Security issue fixed: - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name bsc1134598...
activemq:activemq (=1.1), activemq:activemq-optional (=3.2) +325 more potentially affected by CVE-2014-3596 via axis:axis (>=1.2 <=1.4)
axis:axis MAVEN version =1.2, =1.2.5, =1.1.0, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2014-3596 Source advisory: OSV:GHSA-R53V-VM87-F72C...
Security Bulletin: Vulnerability in Apache Axis affects IBM Cúram Social Program Management (CVE-2014-3596)
Summary IBM Cúram Social Program Management uses the Apache Axis Library. Apache Axis and Axis2 could allow a remote attacker to conduct spoofing attacks, caused by and incomplete fix related to the failure to verify that the server hostname matches a domain name in the subject's Common Name CN...
Security Bulletin: Two vulnerabilities exist in IBM Case Foundation and FileNet Business Process Manager (CVE-2012-5784 and CVE-2014-3596)
Summary Apache Axis contains two security vulnerabilities that could allow for spoofing attacks. See the individual descriptions below for the details. Vulnerability Details CVE-ID: CVE-2012-5784 DESCRIPTION: Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct...
Security Bulletin: Security Vulnerability in Apache Axis affects IBM WebSphere Dashboard Framework (CVE-2014-3596)
Summary There is an insecure certificate validation CVE-2014-3596 in Apache Axis which is bundled with IBM WebSphere Dashboard Framework. Vulnerability Details IBM WebSphere Dashboard Framework WDF bundles a copy of Apache Axis which can be used to make web service requests. A vulnerability in Ax...
Amazon Linux: Security Advisory (ALAS-2014-412)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated axis packages fix CVE-2014-3596
Updated axis packages fixes security vulnerability: It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name CN field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate...