Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.881697
Category:CentOS Local Security Checks
Title:CentOS Update for axis CESA-2013:0683 centos5
Summary:The remote host is missing an update for the 'axis'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'axis'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Axis is an implementation of SOAP (Simple Object Access Protocol).
It can be used to build both web service clients and servers.

Apache Axis did not verify that the server hostname matched the domain name
in the subject's Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an SSL
server if they had a certificate that was valid for any domain name.
(CVE-2012-5784)

All users of axis are advised to upgrade to these updated packages, which
correct this issue. Applications using Apache Axis must be restarted for
this update to take effect.

Affected Software/OS:
axis on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-5784
BugTraq ID: 56408
http://www.securityfocus.com/bid/56408
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E
RedHat Security Advisories: RHSA-2013:0269
http://rhn.redhat.com/errata/RHSA-2013-0269.html
RedHat Security Advisories: RHSA-2013:0683
http://rhn.redhat.com/errata/RHSA-2013-0683.html
RedHat Security Advisories: RHSA-2014:0037
http://rhn.redhat.com/errata/RHSA-2014-0037.html
http://secunia.com/advisories/51219
SuSE Security Announcement: openSUSE-SU-2019:1497 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html
SuSE Security Announcement: openSUSE-SU-2019:1526 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html
XForce ISS Database: apache-axis-ssl-spoofing(79829)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.