CVE-2012-5784
Description
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subjects Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.203
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Verify Directory Integrator 7.2.0 | Windows |
| Vulnerabilities CVE-2012-5784,CVE-2014-3596,CVE-2019-0227,CVE-2018-8032,CVE-2023-40743 are affected in Apache - axis 1.4 | Windows |
| Vulnerabilities CVE-2012-5784,CVE-2014-3596,CVE-2019-0227,CVE-2018-8032,CVE-2023-40743 are affected in Axis - axis 1.4 | Windows |
| SUSE-SU-2019:1382-1(SUSE Linux Enterprise Server 12-SP4 ) axis-1.4-290.6.1.noarch.rpm | Linux |
| Vulnerabilities CVE-2012-5784,CVE-2014-3596,CVE-2019-0227,CVE-2018-8032,CVE-2023-40743 are affected in Apache - axis for Linux 1.4 | Linux |
| Vulnerabilities CVE-2012-5784,CVE-2014-3596,CVE-2019-0227,CVE-2018-8032,CVE-2023-40743 are affected in Axis - axis for Linux 1.4 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234