CVE-2014-3596
Published Aug 27, 2014
Last updated 2 years ago
Overview
- Description
- The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- <a href="http://cwe.mitre.org/data/definitions/297.html" target="_blank">CWE-297: Improper Validation of Certificate with Host Mismatch</a>
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:axis:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "827FBA12-D294-4BE1-A40C-41F924CF0F4F",
"versionEndIncluding": "1.4"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73757AE0-90E2-4043-BCB3-4E4046966CDB"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C174104D-8503-4980-A94E-BDBF0B93DCDA"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87D85696-F3B1-464A-B128-6BC4B927CBFE"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4B1A6AF-6A53-4366-8651-86A496038F68"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F72EF91-1228-4C74-9EBE-10C8CE0FB2F8"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.1:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C65CCC42-5AC7-4DF6-9BEF-7408A1EE51EC"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.1:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B2FB9F2-AC00-4E70-A87F-63EBB0A0EC0E"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.1:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28740512-6B79-4497-8E47-DEF23CABDE07"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A28F00E-C3DE-4D21-9773-B57D297A639A"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38BCCACB-2AB4-4A54-8112-C3B741F32D15"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC2647DC-521E-46FF-BB91-6C6CB8A250A5"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC9CEDDA-B2BD-40DE-9726-738D321E2AFB"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04FD771B-D047-48C3-8190-A1AF718C0940"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F31760CD-32DB-4414-99C0-9837CCC7B205"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4877D35D-57F6-4AAD-BCDA-F93CEAD82098"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38F308E0-086B-41A2-9BCF-0DF095DB9D3C"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD0F7632-377A-4C0C-9F5F-648F81BF5267"
},
{
"criteria": "cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4304E82-831C-4104-8D1E-18B72AFF1D23"
}
],
"operator": "OR"
}
]
}
]