CVE-2012-6107

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Axis2\/c
Vendor: CVE Published:; 29 September 2014

Summary

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

https://issues.apache.org/jira/browse/AXIS2C-1619

x_refsource_MISC

http://mail-archives.apache.org/mod_mbox/axis-c-dev/20130...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/57267

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Sep 29, 2014
Vulnerability Reserved
Dec 6, 2012