cxf-issues mailing list archives

From "Rajendrappa (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5627) Vulnerability Fix available in latest release?
Date Thu, 20 Mar 2014 09:25:42 GMT

    [ https://issues.apache.org/jira/browse/CXF-5627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13941544#comment-13941544 ]

Rajendrappa commented on CXF-5627:
----------------------------------

Hi,
It is mentioned like below; please check this URL: http://xforce.iss.net/xforce/xfdb/79983


Apache CXF could allow a remote attacker to conduct spoofing attacks, caused by the failure
to verify that the server hostname matches a domain name in the subject's Common Name (CN)
field of the X.509 certificate by the wsdl_first_https sample code. By persuading a victim
to visit a Web site containing a specially-crafted certificate, an attacker could exploit
this vulnerability using man-in-the-middle techniques to spoof an SSL server.

> Vulnerability Fix available in latest release?
> ----------------------------------------------
>
>                 Key: CXF-5627
>                 URL: https://issues.apache.org/jira/browse/CXF-5627
>             Project: CXF
>          Issue Type: Task
>    Affects Versions: 2.7.6
>            Reporter: Rajendrappa
>            Assignee: Colm O hEigeartaigh
>
> Hi,
> I want to know, the below mentioned Security Vulnerability is fixed in which release.
> Title Apache CFX All Versions - SSL Hostname Check Vulnerability - CVE-2012-5786



--
This message was sent by Atlassian JIRA
(v6.2#6252)
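
The hostname check that the advisory text quoted in the comment describes as missing, shown as an added example (not part of the original message and not CXF code). Function names and sample certificates are constructed for illustration, and the hostname is assumed to be a DNS name rather than an IP address.

```python
# Added example: match a server hostname against certificate names.
# Certificate fields are passed in as plain strings (constructed sample data);
# a real client reads them from the peer certificate after chain validation.

def _label_match(pattern: str, hostname: str) -> bool:
    """Compare one certificate name against the hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False          # a wildcard never spans more than one label
    first, rest = p_labels[0], p_labels[1:]
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Require at least two fixed labels, so "*.com" is rejected.
        return len(rest) >= 2 and h_labels[0] != ""
    # Partial wildcards such as "w*" are refused outright.
    return "*" not in first and first == h_labels[0]


def hostname_matches(hostname, common_name=None, san_dns_names=()):
    """Return True only if the certificate is valid for `hostname`.

    RFC 2818 rule: when dNSName subjectAltName entries exist they are the
    only names consulted; the subject CN is a fallback for certificates
    that carry none.
    """
    if not hostname:
        return False
    names = list(san_dns_names) or ([common_name] if common_name else [])
    return any(_label_match(n, hostname) for n in names)


# Constructed sample certificates (not taken from the advisory).
CERT_OK = {"cn": "ws.example.org", "san": ["ws.example.org", "*.api.example.org"]}
CERT_OTHER_SITE = {"cn": "attacker.example.net", "san": []}


def check(hostname, cert):
    """Convenience wrapper over the sample certificate dictionaries."""
    return hostname_matches(hostname, cert["cn"], cert["san"])
```

A certificate that chains to a trusted CA but names a different host (`CERT_OTHER_SITE`) is exactly the case a client accepts when this check is skipped.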
