CVE-2014-3596 - The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname

CVE-2014-3596

Summary

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

References

Vulnerable Configurations

cpe:2.3:a:apache:axis:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:alpha3:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:alpha3:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:axis:-:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.2:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 13-02-2023 - 00:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

redhat via4

advisories

bugzilla

id	1129935
title	CVE-2014-3596 axis: SSL hostname verification bypass, incomplete CVE-2012-5784 fix

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment axis is earlier than 0:1.2.1-2jpp.8.el5_10
oval oval:com.redhat.rhsa:tst:20141193001
comment axis is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130683002

AND

comment axis-javadoc is earlier than 0:1.2.1-2jpp.8.el5_10
oval oval:com.redhat.rhsa:tst:20141193003
comment axis-javadoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130683004

AND

comment axis-manual is earlier than 0:1.2.1-2jpp.8.el5_10
oval oval:com.redhat.rhsa:tst:20141193005
comment axis-manual is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130683006

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment axis is earlier than 0:1.2.1-7.5.el6_5
oval oval:com.redhat.rhsa:tst:20141193008
comment axis is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130269002

AND

comment axis-javadoc is earlier than 0:1.2.1-7.5.el6_5
oval oval:com.redhat.rhsa:tst:20141193010
comment axis-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130269004

AND
comment axis-manual is earlier than 0:1.2.1-7.5.el6_5
oval oval:com.redhat.rhsa:tst:20141193012
comment axis-manual is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130269006

rhsa

id	RHSA-2014:1193
released	2014-09-15
severity	Important
title	RHSA-2014:1193: axis security update (Important)

rpms

axis-0:1.2.1-2jpp.8.el5_10
axis-0:1.2.1-7.5.el6_5
axis-debuginfo-0:1.2.1-2jpp.8.el5_10
axis-javadoc-0:1.2.1-2jpp.8.el5_10
axis-javadoc-0:1.2.1-7.5.el6_5
axis-manual-0:1.2.1-2jpp.8.el5_10
axis-manual-0:1.2.1-7.5.el6_5

refmap via4

bid	69295
confirm	http://linux.oracle.com/errata/ELSA-2014-1193.html
misc	https://issues.apache.org/jira/browse/AXIS-2905 https://www.oracle.com/security-alerts/cpujan2020.html
mlist	[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596 [axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596 [axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596 [axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596 [axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596 [oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack
sectrack	1030745
secunia	61222
suse	openSUSE-SU-2019:1497 openSUSE-SU-2019:1526
xf	apache-axis-cve20143596-spoofing(95377)

Last major update

13-02-2023 - 00:40

Published

27-08-2014 - 00:55

Last modified

13-02-2023 - 00:40