CVE-2014-3596
Description
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.182
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.54 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Verify Directory Integrator 7.2.0 | Windows |
| Vulnerabilities CVE-2012-5784,CVE-2014-3596,CVE-2019-0227,CVE-2018-8032,CVE-2023-40743 are affected in Apache - axis 1.4 | Windows |
| Vulnerabilities CVE-2012-5784,CVE-2014-3596,CVE-2019-0227,CVE-2018-8032,CVE-2023-40743 are affected in Axis - axis 1.4 | Windows |
| Axis security update (CESA-2014:1193) axis-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| Axis security update (CESA-2014:1193) axis-manual-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| Axis security update (CESA-2014:1193) axis-javadoc-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-1.2.1-2jpp.8.el5_10.i386.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-1.2.1-2jpp.8.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-javadoc-1.2.1-2jpp.8.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-javadoc-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-manual-1.2.1-2jpp.8.el5_10.i386.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-manual-1.2.1-2jpp.8.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:1193) Important: axis security update axis-manual-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| SUSE-SU-2019:1382-1(SUSE Linux Enterprise Server 12-SP4 ) axis-1.4-290.6.1.noarch.rpm | Linux |
| Axis update (ELSA-2014-1193) axis-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| Axis-javadoc update (ELSA-2014-1193) axis-javadoc-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| Axis-manual update (ELSA-2014-1193) axis-manual-1.2.1-7.5.el6_5.noarch.rpm | Linux |
| Vulnerabilities CVE-2012-5784,CVE-2014-3596,CVE-2019-0227,CVE-2018-8032,CVE-2023-40743 are affected in Apache - axis for Linux 1.4 | Linux |
| Vulnerabilities CVE-2012-5784,CVE-2014-3596,CVE-2019-0227,CVE-2018-8032,CVE-2023-40743 are affected in Axis - axis for Linux 1.4 | Linux |
| CVE-2014-3596 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234