QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-3596

Back to search

CVE-2014-3596

Published: Aug 27, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

VendorProductVersions

n/a

n/a

affected
n/a

References

1030745
vdb-entry
x_refsource_SECTRACK
61222
third-party-advisory
x_refsource_SECUNIA
RHSA-2014:1193
vendor-advisory
x_refsource_REDHAT
69295
vdb-entry
x_refsource_BID
openSUSE-SU-2019:1497
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:1526
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now