Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Update for axis RHSA-2014:1193-01
Summary:The remote host is missing an update for the 'axis'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'axis'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Axis is an implementation of SOAP
(Simple Object Access Protocol). It can be used to build both web service clients
and servers.

It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)

For additional information on this flaw, refer to the Knowledgebase article
in the References section.

This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.

All axis users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using Apache
Axis must be restarted for this update to take effect.

Affected Software/OS:
axis on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3596
BugTraq ID: 69295
RedHat Security Advisories: RHSA-2014:1193
SuSE Security Announcement: openSUSE-SU-2019:1497 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1526 (Google Search)
XForce ISS Database: apache-axis-cve20143596-spoofing(95377)
Common Vulnerability Exposure (CVE) ID: CVE-2012-5784
BugTraq ID: 56408
RedHat Security Advisories: RHSA-2013:0269
RedHat Security Advisories: RHSA-2013:0683
RedHat Security Advisories: RHSA-2014:0037
XForce ISS Database: apache-axis-ssl-spoofing(79829)
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.