CVE-2012-5784

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2012-5784

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-5784.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-5784

Aliases

GHSA-55w9-c3g2-4rrh

Related

Published

2012-11-04T22:55:03Z

Modified

2024-06-30T12:01:22Z

Summary

[none]

Details

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

Affected packages

Debian:11 / axis

Package

Name: axis
Purl: pkg:deb/debian/axis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4-16.1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / axis

Package

Name: axis
Purl: pkg:deb/debian/axis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4-16.1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / axis

Package

Name: axis
Purl: pkg:deb/debian/axis?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4-16.1

Ecosystem specific

{
    "urgency": "low"
}