CVE-2012-5785
Published Nov 4, 2012
Last updated 7 years ago
Overview
- Description
- Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E73D78CB-2DF5-4465-B12D-AF3F6A669279",
"versionEndIncluding": "1.6.2"
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38D8E446-7735-49C4-83E3-F1E6448ABD43"
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89046700-F2B9-4468-AB71-3451401C16DC"
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C90C54B-DB25-48FC-BAC5-46050E2A80A8"
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "187817CD-F8E3-4D3C-AB3F-6F4DBAD966FE"
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3EA975A4-72B8-4C92-BDC6-9E8039FFD0BF"
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20DB6740-3556-4286-99F3-4B013F58F202"
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEC87179-CCFA-45D4-98C1-7D594EC88999"
},
{
"criteria": "cpe:2.3:a:apache:axis2:1.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFFD1F4F-8BCE-4CAB-A006-2A4624A249A2"
}
],
"operator": "OR"
}
]
}
]