Insecure Certificate Validation in Apache Axis 1.4 and Earlier
CVE-2014-3596

Currently unrated

Key Information:

Vendor: Apache

Status
Vendor
CVE Published: 27 August 2014

What is CVE-2014-3596?

The getCN function in Apache Axis 1.4 and earlier does not validate that the server hostname matches the domain specified in the X.509 certificate's Common Name (CN) or subjectAltName fields. Man-in-the-middle attackers can exploit this to spoof SSL servers and serve malicious content while appearing legitimate. The issue persists because of an incomplete fix for a related, previously identified vulnerability.
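For reference, the hostname check that the description says is missing can be written as follows. This is an added example, not Axis code and not the project's fix: the class `HostnameCheck` and its method names are hypothetical. It handles DNS hostnames only, prefers subjectAltName dNSName entries, and falls back to CN values taken from the parsed subject.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper (added example): match a DNS hostname against SAN, then CN.
public final class HostnameCheck {
    private static final int SAN_DNS_NAME = 2; // GeneralName tag for dNSName

    public static void verify(String host, X509Certificate cert) throws CertificateException {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when absent
        if (sans != null) {
            for (List<?> san : sans) {
                if (((Integer) san.get(0)) == SAN_DNS_NAME) names.add((String) san.get(1));
            }
        }
        // CN is consulted only when the certificate carries no dNSName entries.
        if (names.isEmpty()) names.addAll(commonNames(cert.getSubjectX500Principal().getName()));
        for (String name : names) {
            if (matches(host, name)) return;
        }
        throw new CertificateException("certificate does not match host " + host);
    }

    // Parse the RFC 2253 subject into RDNs and keep only attributes whose type is CN.
    static List<String> commonNames(String subjectDn) throws CertificateException {
        List<String> cns = new ArrayList<>();
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                Attribute cn = rdn.toAttributes().get("CN"); // typed lookup, case-insensitive
                if (cn != null) cns.add(cn.get().toString());
            }
        } catch (NamingException e) {
            throw new CertificateException("unparseable subject", e);
        }
        return cns;
    }

    // Exact match, or a "*." wildcard that covers exactly one left-most label.
    static boolean matches(String host, String pattern) {
        String h = host.toLowerCase(Locale.ROOT), p = pattern.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return h.equals(p);
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1)) && p.indexOf('.', 2) > 0;
    }
}
```

The CN fallback reads attribute types from the parsed distinguished name, so only a value whose attribute type is CN is ever compared with the hostname.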

