Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2012-5784
Description:Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Test IDs: 1.3.6.1.4.1.25623.1.0.870933   1.3.6.1.4.1.25623.1.0.870971   1.3.6.1.4.1.25623.1.0.865314   1.3.6.1.4.1.25623.1.0.865299   1.3.6.1.4.1.25623.1.0.881697   1.3.6.1.4.1.25623.1.0.120389   1.3.6.1.4.1.25623.1.0.123655   1.3.6.1.4.1.25623.1.0.123725  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-5784
BugTraq ID: 56408
http://www.securityfocus.com/bid/56408
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E
RedHat Security Advisories: RHSA-2013:0269
http://rhn.redhat.com/errata/RHSA-2013-0269.html
RedHat Security Advisories: RHSA-2013:0683
http://rhn.redhat.com/errata/RHSA-2013-0683.html
RedHat Security Advisories: RHSA-2014:0037
http://rhn.redhat.com/errata/RHSA-2014-0037.html
http://secunia.com/advisories/51219
SuSE Security Announcement: openSUSE-SU-2019:1497 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html
SuSE Security Announcement: openSUSE-SU-2019:1526 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html
XForce ISS Database: apache-axis-ssl-spoofing(79829)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829




© 1998-2024 E-Soft Inc. All rights reserved.