[ https://issues.apache.org/jira/browse/AXIS-2883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Lazarski closed AXIS-2883. --------------------------------- Assignee: Robert Lazarski > Insecure certificate validation CVE-2012-5784 > --------------------------------------------- > > Key: AXIS-2883 > URL: https://issues.apache.org/jira/browse/AXIS-2883 > Project: Axis > Issue Type: Bug > Affects Versions: 1.4 > Environment: All > Reporter: Alberto Fernández > Assignee: Robert Lazarski > Priority: Major > Attachments: CVE-2012-5784-2.patch > > > See. > http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf > Using JSSE you must manually validate server name you're connecting to > matches one of the names provided by the certificate. So you can detect a > man-in-the-middle type attack with a valid certificate for other site. > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784 -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org