CVE-2014-3596 - Medium Severity Vulnerability
POM was created from deploy:deploy-file
path: /html_test/10_webgoat-container-7.0.1/WEB-INF/lib/axis-1.4.jar,2/repository/axis/axis/1.4/axis-1.4.jar
Dependency Hierarchy:
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
Publish Date: 2014-08-27
URL: CVE-2014-3596
Base Score Metrics not available
Type: Upgrade version
Origin: http://xforce.iss.net/xforce/xfdb/95377
Release Date: 2017-12-31
Fix Resolution: Refer to Apache Web site for patch, upgrade or suggested workaround information. See References.
For IBM products:
Refer to the appropriate IBM Security Bulletin for patch, upgrade or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system.