Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871241
Category:Red Hat Local Security Checks
Title:RedHat Update for axis RHSA-2014:1193-01
Summary:The remote host is missing an update for the 'axis'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'axis'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Apache Axis is an implementation of SOAP
(Simple Object Access Protocol). It can be used to build both web service clients
and servers.

It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)

For additional information on this flaw, refer to the Knowledgebase article
in the References section.

This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.

All axis users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using Apache
Axis must be restarted for this update to take effect.

Affected Software/OS:
axis on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-3596
BugTraq ID: 69295
http://www.securityfocus.com/bid/69295
https://issues.apache.org/jira/browse/AXIS-2905
https://www.oracle.com/security-alerts/cpujan2020.html
https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E
http://www.openwall.com/lists/oss-security/2014/08/20/2
RedHat Security Advisories: RHSA-2014:1193
http://rhn.redhat.com/errata/RHSA-2014-1193.html
http://www.securitytracker.com/id/1030745
http://secunia.com/advisories/61222
SuSE Security Announcement: openSUSE-SU-2019:1497 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html
SuSE Security Announcement: openSUSE-SU-2019:1526 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html
XForce ISS Database: apache-axis-cve20143596-spoofing(95377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95377
Common Vulnerability Exposure (CVE) ID: CVE-2012-5784
BugTraq ID: 56408
http://www.securityfocus.com/bid/56408
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
RedHat Security Advisories: RHSA-2013:0269
http://rhn.redhat.com/errata/RHSA-2013-0269.html
RedHat Security Advisories: RHSA-2013:0683
http://rhn.redhat.com/errata/RHSA-2013-0683.html
RedHat Security Advisories: RHSA-2014:0037
http://rhn.redhat.com/errata/RHSA-2014-0037.html
http://secunia.com/advisories/51219
XForce ISS Database: apache-axis-ssl-spoofing(79829)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.