[jira] [Created] (AXIS-2905) Insecure certificate validation CVE-2014-3596

David Jorm (JIRA) Mon, 18 Aug 2014 17:47:53 -0700

David Jorm created AXIS-2905:
--------------------------------

             Summary: Insecure certificate validation CVE-2014-3596
                 Key: AXIS-2905
                 URL: https://issues.apache.org/jira/browse/AXIS-2905
             Project: Axis
          Issue Type: Bug
    Affects Versions: 1.4
            Reporter: David Jorm



It was found that the fix for CVE-2012-5784 was incomplete. The code added to 
check that the server hostname matches the domain name in the subject's CN 
field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack 
where the attacker can spoof a valid certificate using a specially crafted 
subject.

For more details, see:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3596
https://access.redhat.com/solutions/1164433



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (AXIS-2905) Insecure certificate validation CVE-2014-3596

Reply via email to