Back to search
CVE-2012-5784
Published: Nov 4, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2013:0269
vendor-advisory
x_refsource_REDHAT
RHSA-2014:0037
vendor-advisory
x_refsource_REDHAT
51219
third-party-advisory
x_refsource_SECUNIA
RHSA-2013:0683
vendor-advisory
x_refsource_REDHAT
56408
vdb-entry
x_refsource_BID
apache-axis-ssl-spoofing(79829)
vdb-entry
x_refsource_XF
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
x_refsource_MISC
[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596
mailing-list
x_refsource_MLIST
[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596
mailing-list
x_refsource_MLIST
openSUSE-SU-2019:1497
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1526
vendor-advisory
x_refsource_SUSE
[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596
mailing-list
x_refsource_MLIST
[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596
mailing-list
x_refsource_MLIST
[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now