The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
CVE-2014-3596 - Medium Severity Vulnerability
An implementation of the SOAP ("Simple Object Access Protocol") submission to W3C.
Library home page: http://ws.apache.org/axis
Path to vulnerable library: /src/test/resources/webgoat/WEB-INF/lib/axis-1.4.jar
Dependency Hierarchy: - :x: **axis-1.4.jar** (Vulnerable Library)
Found in HEAD commit: e2144e84b1fdbf18c01c24e6ab9ade7b45b25283
Found in base branch: master
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
Publish Date: 2014-08-27
URL: CVE-2014-3596
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3596
Release Date: 2014-08-27
Fix Resolution: axis:axis - 1.3-atlassian-1