ID CVE-2014-3596
Summary The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
References
Vulnerable Configurations
  • Apache Software Foundation Axis 1.4
    cpe:2.3:a:apache:axis:1.4
  • Apache Software Foundation Axis 1.3
    cpe:2.3:a:apache:axis:1.3
  • Apache Software Foundation Axis 1.2.1
    cpe:2.3:a:apache:axis:1.2.1
  • Apache Software Foundation Axis 1.2 release candidate 3
    cpe:2.3:a:apache:axis:1.2:rc3
  • Apache Software Foundation Axis 1.2 release candidate 2
    cpe:2.3:a:apache:axis:1.2:rc2
  • Apache Software Foundation Axis 1.2 release candidate 1
    cpe:2.3:a:apache:axis:1.2:rc1
  • Apache Software Foundation Axis 1.2 beta3
    cpe:2.3:a:apache:axis:1.2:beta3
  • Apache Software Foundation Axis 1.2 beta2
    cpe:2.3:a:apache:axis:1.2:beta2
  • Apache Software Foundation Axis 1.2 beta1
    cpe:2.3:a:apache:axis:1.2:beta1
  • Apache Software Foundation Axis 1.2 alpha
    cpe:2.3:a:apache:axis:1.2:alpha
  • Apache Software Foundation Axis 1.2
    cpe:2.3:a:apache:axis:1.2
  • Apache Software Foundation Axis 1.1 release candidate 2
    cpe:2.3:a:apache:axis:1.1:rc2
  • Apache Software Foundation Axis 1.1 release candidate 1
    cpe:2.3:a:apache:axis:1.1:rc1
  • Apache Software Foundation Axis 1.1 beta
    cpe:2.3:a:apache:axis:1.1:beta
  • Apache Software Foundation Axis 1.1
    cpe:2.3:a:apache:axis:1.1
  • Apache Software Foundation Axis 1.0 release candidate 2
    cpe:2.3:a:apache:axis:1.0:rc2
  • Apache Software Foundation Axis 1.0 release candidate 1
    cpe:2.3:a:apache:axis:1.0:rc1
  • Apache Software Foundation Axis 1.0 beta
    cpe:2.3:a:apache:axis:1.0:beta
  • Apache Software Foundation Axis 1.0
    cpe:2.3:a:apache:axis:1.0
CVSS
Base: 5.8 (as of 27-08-2014 - 13:15)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
nessus via4
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16821.NASL
    description The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 93256
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93256
    title F5 Networks BIG-IP : Apache Axis vulnerability (SOL16821)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1193.NASL
    description From Red Hat Security Advisory 2014:1193 : Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596) For additional information on this flaw, refer to the Knowledgebase article in the References section. This issue was discovered by David Jorm and Arun Neelicattu of Red Hat Product Security. All axis users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using Apache Axis must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 77694
    published 2014-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77694
    title Oracle Linux 5 / 6 : axis (ELSA-2014-1193)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140915_AXIS_ON_SL5_X.NASL
    description It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596) Applications using Apache Axis must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 77700
    published 2014-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77700
    title Scientific Linux Security Update : axis on SL5.x, SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1193.NASL
    description Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596) For additional information on this flaw, refer to the Knowledgebase article in the References section. This issue was discovered by David Jorm and Arun Neelicattu of Red Hat Product Security. All axis users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using Apache Axis must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77692
    published 2014-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77692
    title CentOS 5 / 6 : axis (CESA-2014:1193)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-412.NASL
    description It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78355
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78355
    title Amazon Linux AMI : axis (ALAS-2014-412)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-169.NASL
    description A vulnerability was fixed in axis, a SOAP implementation in Java : The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. Thanks to Markus Koschany for providing the fixed package and David Jorm and Arun Neelicattu (Red Hat Product Security) for providing the patch. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82153
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82153
    title Debian DLA-169-1 : axis security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1193.NASL
    description Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596) For additional information on this flaw, refer to the Knowledgebase article in the References section. This issue was discovered by David Jorm and Arun Neelicattu of Red Hat Product Security. All axis users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using Apache Axis must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 77695
    published 2014-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77695
    title RHEL 5 / 6 : axis (RHSA-2014:1193)
redhat via4
advisories
bugzilla
id 1129935
title CVE-2014-3596 axis: SSL hostname verification bypass, incomplete CVE-2012-5784 fix
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment axis is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193002
        • comment axis is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683003
      • AND
        • comment axis-javadoc is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193004
        • comment axis-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683005
      • AND
        • comment axis-manual is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193006
        • comment axis-manual is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683007
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment axis is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193012
        • comment axis is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269006
      • AND
        • comment axis-javadoc is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193016
        • comment axis-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269008
      • AND
        • comment axis-manual is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193014
        • comment axis-manual is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269010
rhsa
id RHSA-2014:1193
released 2014-09-15
severity Important
title RHSA-2014:1193: axis security update (Important)
rpms
  • axis-0:1.2.1-2jpp.8.el5_10
  • axis-javadoc-0:1.2.1-2jpp.8.el5_10
  • axis-manual-0:1.2.1-2jpp.8.el5_10
  • axis-0:1.2.1-7.5.el6_5
  • axis-javadoc-0:1.2.1-7.5.el6_5
  • axis-manual-0:1.2.1-7.5.el6_5
refmap via4
bid 69295
confirm http://linux.oracle.com/errata/ELSA-2014-1193.html
misc https://issues.apache.org/jira/browse/AXIS-2905
mlist [oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack
sectrack 1030745
secunia 61222
xf apache-axis-cve20143596-spoofing(95377)
Last major update 06-01-2017 - 22:00
Published 26-08-2014 - 20:55
Last modified 28-08-2017 - 21:34