ID CVE-2014-3596
Summary The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784. CWE-297: Improper Validation of Certificate with Host Mismatch (http://cwe.mitre.org/data/definitions/297.html)
References
Vulnerable Configurations
  • cpe:2.3:a:apache:axis:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:-:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 07-06-2019 - 21:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector Complexity Authentication
NETWORK MEDIUM NONE
Impact
Confidentiality Integrity Availability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
bugzilla
id 1129935
title CVE-2014-3596 axis: SSL hostname verification bypass, incomplete CVE-2012-5784 fix
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment axis is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193002
        • comment axis is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683003
      • AND
        • comment axis-javadoc is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193004
        • comment axis-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683005
      • AND
        • comment axis-manual is earlier than 0:1.2.1-2jpp.8.el5_10
          oval oval:com.redhat.rhsa:tst:20141193006
        • comment axis-manual is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20130683007
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment axis is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193012
        • comment axis is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269006
      • AND
        • comment axis-javadoc is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193016
        • comment axis-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269008
      • AND
        • comment axis-manual is earlier than 0:1.2.1-7.5.el6_5
          oval oval:com.redhat.rhsa:tst:20141193014
        • comment axis-manual is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130269010
rhsa
id RHSA-2014:1193
released 2014-09-15
severity Important
title RHSA-2014:1193: axis security update (Important)
rpms
  • axis-0:1.2.1-2jpp.8.el5_10
  • axis-javadoc-0:1.2.1-2jpp.8.el5_10
  • axis-manual-0:1.2.1-2jpp.8.el5_10
  • axis-0:1.2.1-7.5.el6_5
  • axis-javadoc-0:1.2.1-7.5.el6_5
  • axis-manual-0:1.2.1-7.5.el6_5
refmap via4
bid 69295
confirm http://linux.oracle.com/errata/ELSA-2014-1193.html
misc https://issues.apache.org/jira/browse/AXIS-2905
mlist
  • [axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596
  • [axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596
  • [oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack
sectrack 1030745
secunia 61222
suse openSUSE-SU-2019:1497
xf apache-axis-cve20143596-spoofing(95377)
Last major update 07-06-2019 - 21:29
Published 27-08-2014 - 00:55