CVE-2014-3596

Published Aug 27, 2014

Last updated 3 months ago

CVSS info 5.8

Overview

Description: The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/297.html" target="_blank">CWE-297: Improper Validation of Certificate with Host Mismatch</a>
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "827FBA12-D294-4BE1-A40C-41F924CF0F4F",
            "versionEndIncluding": "1.4"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73757AE0-90E2-4043-BCB3-4E4046966CDB"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C174104D-8503-4980-A94E-BDBF0B93DCDA"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87D85696-F3B1-464A-B128-6BC4B927CBFE"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4B1A6AF-6A53-4366-8651-86A496038F68"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F72EF91-1228-4C74-9EBE-10C8CE0FB2F8"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C65CCC42-5AC7-4DF6-9BEF-7408A1EE51EC"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B2FB9F2-AC00-4E70-A87F-63EBB0A0EC0E"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28740512-6B79-4497-8E47-DEF23CABDE07"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A28F00E-C3DE-4D21-9773-B57D297A639A"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38BCCACB-2AB4-4A54-8112-C3B741F32D15"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC2647DC-521E-46FF-BB91-6C6CB8A250A5"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC9CEDDA-B2BD-40DE-9726-738D321E2AFB"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04FD771B-D047-48C3-8190-A1AF718C0940"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F31760CD-32DB-4414-99C0-9837CCC7B205"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4877D35D-57F6-4AAD-BCDA-F93CEAD82098"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38F308E0-086B-41A2-9BCF-0DF095DB9D3C"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD0F7632-377A-4C0C-9F5F-648F81BF5267"
          },
          {
            "criteria": "cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4304E82-831C-4104-8D1E-18B72AFF1D23"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References