MGASA-2013-0200

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0200.html

Import Source

https://advisories.mageia.org/MGASA-2013-0200.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0200

Related

CVE-2012-5784

Published

2013-07-06T14:12:34Z

Modified

2013-07-06T14:12:29Z

Summary

Updated axis package fixes security vulnerability

Details

Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name (CVE-2012-5784).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / axis

Package

Name: axis
Purl: pkg:rpm/mageia/axis?distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4-6.1.mga2

Ecosystem specific

{
    "section": "core"
}