Описание
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Отчет
Not vulnerable. This issue only affects axis2 as shipped with Fedora. It does not affect components shipped with any Red Hat products.
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=873253axis2: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate
EPSS
Процентиль: 65%
0.00493
Низкий
4.3 Medium
CVSS2
Связанные уязвимости
nvd
больше 13 лет назад
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
EPSS
Процентиль: 65%
0.00493
Низкий
4.3 Medium
CVSS2