axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jorm (JIRA)" <>
Subject [jira] [Created] (AXIS-2905) Insecure certificate validation CVE-2014-3596
Date Tue, 19 Aug 2014 00:47:18 GMT
David Jorm created AXIS-2905:

             Summary: Insecure certificate validation CVE-2014-3596
                 Key: AXIS-2905
             Project: Axis
          Issue Type: Bug
    Affects Versions: 1.4
            Reporter: David Jorm

It was found that the fix for CVE-2012-5784 was incomplete. The code added to check that the
server hostname matches the domain name in the subject's CN field was flawed. This can be
exploited by a Man-in-the-middle (MITM) attack where the attacker can spoof a valid certificate
using a specially crafted subject.

For more details, see:

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message