Vulnerabilities > CVE-2014-3596 - Unspecified vulnerability in Apache Axis

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
nessus
NVD
Published: 2014-08-27
Updated: 2023-02-13

Summary

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

Vulnerable Configurations

Part Description Count
Application
Apache
26

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-169.NASL
    descriptionA vulnerability was fixed in axis, a SOAP implementation in Java : The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject
    last seen2020-03-17
    modified2015-03-26
    plugin id82153
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82153
    titleDebian DLA-169-1 : axis security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1526.NASL
    descriptionThis update for axis fixes the following issues : Security issue fixed : - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125793
    published2019-06-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125793
    titleopenSUSE Security Update : axis (openSUSE-2019-1526)
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2020.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.16.0, or 17.7.x through 17.12.x prior to 17.12.11.2, or 18.8.x prior to 18.8.15, or 19.12.x prior to 19.12.0.1. It is, therefore, affected by multiple vulnerabilities: - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10 used in Primavera Unifier. (CVE-2019-14540) - A memory exhaustion flaw exists in Apache Tika
    last seen2020-05-08
    modified2020-01-30
    plugin id133359
    published2020-01-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133359
    titleOracle Primavera Unifier Multiple Vulnerabilities (Jan 2020 CPU)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1193.NASL
    descriptionFrom Red Hat Security Advisory 2014:1193 : Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject
    last seen2020-06-01
    modified2020-06-02
    plugin id77694
    published2014-09-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77694
    titleOracle Linux 5 / 6 : axis (ELSA-2014-1193)
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2020.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the following: - Two Polymorphic Typing issues present in FasterXML jackson-databind related to com.zaxxer.hikari.HikariDataSource which can be exploited by remote, unauthenticated attackers. (CVE-2019-16335, CVE-2019-14540) - A man-in-the-middle vulnerability caused by the getCN function in Apache Axis not properly verifying that the server hostname matches a domain name in the subject
    last seen2020-05-08
    modified2020-01-15
    plugin id132936
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132936
    titleOracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1497.NASL
    descriptionThis update for axis fixes the following issues : Security issue fixed : - CVE-2012-5784, CVE-2014-3596: Fixed missing connection hostname check against X.509 certificate name (bsc#1134598). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125695
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125695
    titleopenSUSE Security Update : axis (openSUSE-2019-1497)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140915_AXIS_ON_SL5_X.NASL
    descriptionIt was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject
    last seen2020-03-18
    modified2014-09-16
    plugin id77700
    published2014-09-16
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77700
    titleScientific Linux Security Update : axis on SL5.x, SL6.x i386/x86_64 (20140915)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1193.NASL
    descriptionUpdated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject
    last seen2020-06-01
    modified2020-06-02
    plugin id77692
    published2014-09-16
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77692
    titleCentOS 5 / 6 : axis (CESA-2014:1193)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-412.NASL
    descriptionIt was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject
    last seen2020-06-01
    modified2020-06-02
    plugin id78355
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78355
    titleAmazon Linux AMI : axis (ALAS-2014-412)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1193.NASL
    descriptionUpdated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject
    last seen2020-06-01
    modified2020-06-02
    plugin id77695
    published2014-09-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77695
    titleRHEL 5 / 6 : axis (RHSA-2014:1193)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL16821.NASL
    descriptionThe getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject
    last seen2020-06-01
    modified2020-06-02
    plugin id93256
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93256
    titleF5 Networks BIG-IP : Apache Axis vulnerability (SOL16821)

Redhat

advisories
bugzilla
id1129935
titleCVE-2014-3596 axis: SSL hostname verification bypass, incomplete CVE-2012-5784 fix
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentaxis-javadoc is earlier than 0:1.2.1-2jpp.8.el5_10
          ovaloval:com.redhat.rhsa:tst:20141193001
        • commentaxis-javadoc is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20130683004
      • AND
        • commentaxis-manual is earlier than 0:1.2.1-2jpp.8.el5_10
          ovaloval:com.redhat.rhsa:tst:20141193003
        • commentaxis-manual is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20130683002
      • AND
        • commentaxis is earlier than 0:1.2.1-2jpp.8.el5_10
          ovaloval:com.redhat.rhsa:tst:20141193005
        • commentaxis is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20130683006
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentaxis is earlier than 0:1.2.1-7.5.el6_5
          ovaloval:com.redhat.rhsa:tst:20141193008
        • commentaxis is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130269006
      • AND
        • commentaxis-manual is earlier than 0:1.2.1-7.5.el6_5
          ovaloval:com.redhat.rhsa:tst:20141193010
        • commentaxis-manual is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130269004
      • AND
        • commentaxis-javadoc is earlier than 0:1.2.1-7.5.el6_5
          ovaloval:com.redhat.rhsa:tst:20141193012
        • commentaxis-javadoc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20130269002
rhsa
idRHSA-2014:1193
released2014-09-15
severityImportant
titleRHSA-2014:1193: axis security update (Important)
rpms
  • axis-0:1.2.1-2jpp.8.el5_10
  • axis-0:1.2.1-7.5.el6_5
  • axis-debuginfo-0:1.2.1-2jpp.8.el5_10
  • axis-javadoc-0:1.2.1-2jpp.8.el5_10
  • axis-javadoc-0:1.2.1-7.5.el6_5
  • axis-manual-0:1.2.1-2jpp.8.el5_10
  • axis-manual-0:1.2.1-7.5.el6_5

References