Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2014-1193

Опубликовано: 15 сент. 2014
Источник: oracle-oval
Платформа: Oracle Linux 5
Платформа: Oracle Linux 6

Описание

ELSA-2014-1193: axis security update (IMPORTANT)

[0:1.2.1-7.5]

  • Fix MITM security vulnerability
  • Use GCJ friendly patch
  • Resolves: CVE-2014-3596

[0:1.2.1-7.4]

  • Fix MITM security vulnerability
  • Resolves: CVE-2014-3596

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

axis

1.2.1-2jpp.8.el5_10

axis-javadoc

1.2.1-2jpp.8.el5_10

axis-manual

1.2.1-2jpp.8.el5_10

Oracle Linux x86_64

axis

1.2.1-2jpp.8.el5_10

axis-javadoc

1.2.1-2jpp.8.el5_10

axis-manual

1.2.1-2jpp.8.el5_10

Oracle Linux i386

axis

1.2.1-2jpp.8.el5_10

axis-javadoc

1.2.1-2jpp.8.el5_10

axis-manual

1.2.1-2jpp.8.el5_10

Oracle Linux 6

Oracle Linux x86_64

axis

1.2.1-7.5.el6_5

axis-javadoc

1.2.1-7.5.el6_5

axis-manual

1.2.1-7.5.el6_5

Oracle Linux i686

axis

1.2.1-7.5.el6_5

axis-javadoc

1.2.1-7.5.el6_5

axis-manual

1.2.1-7.5.el6_5

Oracle Linux sparc64

axis

1.2.1-7.5.el6_5

axis-javadoc

1.2.1-7.5.el6_5

axis-manual

1.2.1-7.5.el6_5

Связанные CVE

CVE-2014-3596

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2014-3596

ubuntu
почти 11 лет назад

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

redhat логотип

CVE-2014-3596

redhat
около 11 лет назад

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

nvd логотип

CVE-2014-3596

nvd
почти 11 лет назад

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

debian логотип

CVE-2014-3596

debian
почти 11 лет назад

The getCN function in Apache Axis 1.4 and earlier does not properly ve ...

github логотип

GHSA-r53v-vm87-f72c

github
почти 7 лет назад

Improper Validation of Certificates in apache axis