[ 
https://issues.apache.org/jira/browse/CXF-5627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13941544#comment-13941544
 ] 

Rajendrappa commented on CXF-5627:
----------------------------------

Hi,
It is mentioned like below, please check this URL:
http://xforce.iss.net/xforce/xfdb/79983

Apache CXF could allow a remote attacker to conduct spoofing attacks, caused by 
the failure to verify that the server hostname matches a domain name in the 
subject's Common Name (CN) field of the X.509 certificate by the 
wsdl_first_https sample code. By persuading a victim to visit a Web site 
containing a specially-crafted certificate, an attacker could exploit this 
vulnerability using man-in-the-middle techniques to spoof an SSL server.


> Vulnerability Fix available in latest release?
> ----------------------------------------------
>
>                 Key: CXF-5627
>                 URL: https://issues.apache.org/jira/browse/CXF-5627
>             Project: CXF
>          Issue Type: Task
>    Affects Versions: 2.7.6
>            Reporter: Rajendrappa
>            Assignee: Colm O hEigeartaigh
>
> Hi,
> I want to know, the below mentioned Security Vulnerability is fixed in which 
> release.
> Title Apache CFX All Versions - SSL Hostname Check Vulnerability - 
> CVE-2012-5786



--
This message was sent by Atlassian JIRA
(v6.2#6252)