SSL Spoofing Vulnerability in Apache Axis Products
CVE-2012-5784

Currently unrated

Key Information:

Vendor

Apache
Status
Axis
Mass Pay
Transactional Information Soap
Payments Pro
Vendor
CVE Published:
4 November 2012

What is CVE-2012-5784?

The vulnerability arises from Apache Axis and related products failing to ensure that the server hostname matches the domain specified in the X.509 certificate's Common Name (CN) or subjectAltName field. This oversight can be exploited by attackers to perform man-in-the-middle attacks, enabling them to impersonate legitimate SSL servers with valid certificates, consequently jeopardizing the integrity and confidentiality of sensitive data being transmitted.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2013-0269.html
vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-0037.html
vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/51219
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.