Apache Axis2/C SSL/TLS Hostname Validation Issue
CVE-2012-6107
Currently unrated
Summary
The Apache Axis2/C framework does not verify that the server's hostname matches a domain name in the Common Name (CN) or subjectAltName field of the server's X.509 certificate. A man-in-the-middle attacker can therefore spoof an SSL server by presenting an arbitrary valid certificate, since a certificate that passes chain validation is accepted regardless of the name it was issued for. Sensitive data transmitted between clients and servers could then be intercepted, compromising the integrity and confidentiality of communications.
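The missing check, sketched as an added example (not Axis2/C code and not the project's fix): after chain validation succeeds, a client compares the hostname it dialed against the certificate's subjectAltName dNSName entries and falls back to the CN only when none exist. The function names and the sample names in `main` are hypothetical and constructed for illustration; only DNS names are handled, not IP addresses.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for ASCII DNS names. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* A '*' counts only as the whole left-most label and covers exactly one
   label: "*.example.com" matches "a.example.com", not "example.com" or
   "a.b.example.com". A bare "*.com" is refused. */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return eq_nocase(pattern, host);
    const char *dot = strchr(host, '.');     /* end of the host's first label */
    if (dot == NULL || dot == host || strchr(pattern + 2, '.') == NULL)
        return 0;                            /* empty label, or "*.tld" */
    return eq_nocase(pattern + 1, dot);      /* compare ".example.com" parts */
}

/* Returns 1 if the certificate names `host`, else 0. san_dns holds the
   subjectAltName dNSName entries; cn is the subject CN or NULL. The CN is
   consulted only when there are no dNSName entries. Assumes the caller
   already rejected names containing embedded NUL bytes. */
int cert_matches_host(const char *const *san_dns, size_t n_san,
                      const char *cn, const char *host)
{
    if (host == NULL || *host == '\0')
        return 0;
    for (size_t i = 0; i < n_san; i++)
        if (name_matches(san_dns[i], host))
            return 1;
    return n_san == 0 && cn != NULL && name_matches(cn, host);
}

int main(void)
{
    const char *const san[] = { "www.example.com", "*.api.example.com" }; /* constructed */
    printf("%d %d\n", cert_matches_host(san, 2, NULL, "v1.api.example.com"),
           cert_matches_host(san, 2, NULL, "mitm.example.net"));
    return 0;
}
```

A client that gets 0 from this check should abort the handshake before sending any application data.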
References
Timeline
Vulnerability published
Vulnerability Reserved