Apache Axis Incomplete Fix SSL Certificate Verification Bypass Vulnerability (CVE-2014-3596)
Release date:
Updated on:
Affected Systems:
Apache Group Axis
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69295
CVE (CAN) ID: CVE-2014-3596
Apache Axis is a full-featured web service implementation framework; Axis2 is a re-architected version of Axis1.
The fix for CVE-2012-5784 is incomplete. The code that checks whether the server hostname matches the domain name in the CN field of the certificate subject contains a flaw, which allows man-in-the-middle attackers to spoof valid certificates by using a crafted subject.
<* Source: David Jorm
Arun Neelicattu
*>
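As an added illustration (not code from Axis or from the vendor patch), the sketch below contrasts collecting CN values by flat string search with parsing the subject as a distinguished name, which is one way a hostname check against the subject CN can be misled by a crafted subject. The class name, method names and sample subject are constructed for this example, and the flat string search is an assumed stand-in for this class of flaw.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectCnCheck {

    // Fragile: scans the subject as a flat string, so "CN=" text inside
    // another attribute's value is collected as if it were a Common Name.
    static List<String> cnBySubstring(String subjectDn) {
        List<String> names = new ArrayList<>();
        for (int i = subjectDn.indexOf("CN="); i >= 0; i = subjectDn.indexOf("CN=", i + 3)) {
            int end = subjectDn.indexOf(',', i);
            names.add(subjectDn.substring(i + 3, end < 0 ? subjectDn.length() : end).trim());
        }
        return names;
    }

    // Robust: parse the subject as an RFC 2253 distinguished name and keep
    // only values whose attribute type really is CN (multi-valued RDNs included).
    static List<String> cnByParsing(String subjectDn) throws NamingException {
        List<String> names = new ArrayList<>();
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            Attribute cn = rdn.toAttributes().get("CN");
            if (cn == null) continue;
            for (Object value : Collections.list(cn.getAll())) {
                names.add(String.valueOf(value));
            }
        }
        return names;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject: the O value contains an escaped comma and "CN=" text.
        String subject = "CN=other.example.net, O=Acme\\, CN=www.example.com, C=US";
        String host = "www.example.com";
        System.out.println("flat string search accepts host: " + cnBySubstring(subject).contains(host));
        System.out.println("parsed DN accepts host: " + cnByParsing(subject).contains(host));
    }
}
```

A subject like the constructed one is a useful regression input when reviewing any client-side hostname verifier that reads the CN from the subject string.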
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch
Reference:
https://issues.apache.org/jira/browse/AXIS-2905