cxf-issues mailing list archives

From "Rajendrappa (JIRA)" <>
Subject [jira] [Commented] (CXF-5627) Vulnerability Fix available in latest release?
Date Thu, 20 Mar 2014 09:25:42 GMT


Rajendrappa commented on CXF-5627:

It is mentioned like below, please check this URL:

Apache CXF could allow a remote attacker to conduct spoofing attacks, caused by the failure
to verify that the server hostname matches a domain name in the subject's Common Name (CN)
field of the X.509 certificate by the wsdl_first_https sample code. By persuading a victim
to visit a Web site containing a specially-crafted certificate, an attacker could exploit
this vulnerability using man-in-the-middle techniques to spoof an SSL server.

> Vulnerability Fix available in latest release?
> ----------------------------------------------
>                 Key: CXF-5627
>                 URL:
>             Project: CXF
>          Issue Type: Task
>    Affects Versions: 2.7.6
>            Reporter: Rajendrappa
>            Assignee: Colm O hEigeartaigh
> Hi,
> I want to know, the below mentioned Security Vulnerability is fixed in which release.
> Title Apache CFX All Versions - SSL Hostname Check Vulnerability - CVE-2012-5786
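
The hostname check that the quoted advisory describes as missing, as an added example that is not part of the original message and not CXF code: it matches the expected server name against the names in a certificate given in the dict form of Python's ssl.SSLSocket.getpeercert(). The function names and the sample certificates are constructed for illustration, and chain validation is assumed to have been done already.

```python
# Added example (not CXF code). Certificates use the dict layout returned by
# ssl.SSLSocket.getpeercert(); all names below are constructed sample data.
# Only DNS names are handled; IP-address identities are out of scope here.

def _name_match(pattern: str, host: str) -> bool:
    """Compare one presented name with the expected host, case-insensitively."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or p[1:] != h[1:]:
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        # Accept a wildcard only as the whole left-most label of a name with
        # at least three labels, so "*.org" can never match.
        return len(p) >= 3 and h[0] != ""
    return p[0] == h[0]


def presented_names(cert: dict) -> list:
    """dNSName SAN entries; fall back to the subject CN only if there are none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def hostname_matches(cert: dict, expected_host: str) -> bool:
    return any(_name_match(n, expected_host) for n in presented_names(cert))


def accept_peer(cert: dict, expected_host: str, check_hostname: bool = True) -> bool:
    """check_hostname=False models the flaw: any trusted certificate is accepted."""
    return (not check_hostname) or hostname_matches(cert, expected_host)


# Constructed certificates (subject / SAN fields only).
CN_ONLY_CERT = {"subject": ((("commonName", "service.example.org"),),)}
OTHER_CERT = {"subject": ((("commonName", "other.example.net"),),)}
SAN_CERT = {
    "subject": ((("commonName", "legacy.example.org"),),),
    "subjectAltName": (("DNS", "*.api.example.org"), ("DNS", "example.org")),
}

if __name__ == "__main__":
    for cert in (CN_ONLY_CERT, OTHER_CERT, SAN_CERT):
        print(presented_names(cert),
              "without check:", accept_peer(cert, "service.example.org", False),
              "with check:", accept_peer(cert, "service.example.org"))
```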
