ID CVE-2014-3596
Summary The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784. <a href="http://cwe.mitre.org/data/definitions/297.html" target="_blank">CWE-297: Improper Validation of Certificate with Host Mismatch</a>
References
Vulnerable Configurations
  • cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.1:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:beta3:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:rc3:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:alpha1:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:-:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:alpha2:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:-:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:alpha3:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:-:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:-:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:-:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:beta3:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:-:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 15-01-2020 - 20:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
bugzilla
id 1129935
title CVE-2014-3596 axis: SSL hostname verification bypass, incomplete CVE-2012-5784 fix
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment axis is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193001
        • comment axis is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683002
      • AND
        • comment axis-javadoc is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193003
        • comment axis-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683004
      • AND
        • comment axis-manual is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193005
        • comment axis-manual is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683006
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment axis is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193008
        • comment axis is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269002
      • AND
        • comment axis-javadoc is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193010
        • comment axis-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269004
      • AND
        • comment axis-manual is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193012
        • comment axis-manual is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269006
rhsa
id RHSA-2014:1193
released 2014-09-15
severity Important
title RHSA-2014:1193: axis security update (Important)
rpms
  • axis-0:1.2.1-2jpp.8.el5_10
  • axis-0:1.2.1-7.5.el6_5
  • axis-debuginfo-0:1.2.1-2jpp.8.el5_10
  • axis-javadoc-0:1.2.1-2jpp.8.el5_10
  • axis-javadoc-0:1.2.1-7.5.el6_5
  • axis-manual-0:1.2.1-2jpp.8.el5_10
  • axis-manual-0:1.2.1-7.5.el6_5
refmap via4
bid 69295
confirm http://linux.oracle.com/errata/ELSA-2014-1193.html
misc
mlist
  • [axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596
  • [axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596
  • [axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596
  • [axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596
  • [axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596
  • [oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack
sectrack 1030745
secunia 61222
suse
  • openSUSE-SU-2019:1497
  • openSUSE-SU-2019:1526
xf apache-axis-cve20143596-spoofing(95377)
Last major update 15-01-2020 - 20:15
Published 27-08-2014 - 00:55
Last modified 15-01-2020 - 20:15
Back to Top