1 |
type: security |
2 |
subject: Updated axis package fixes security vulnerability |
3 |
CVE: |
4 |
- CVE-2012-5784 |
5 |
src: |
6 |
2: |
7 |
core: |
8 |
- axis-1.4-6.1.mga2 |
9 |
description: | |
10 |
Apache Axis did not verify that the server hostname matched the domain name |
11 |
in the subject's Common Name (CN) or subjectAltName field in X.509 |
12 |
certificates. This could allow a man-in-the-middle attacker to spoof an SSL |
13 |
server if they had a certificate that was valid for any domain name |
14 |
(CVE-2012-5784). |
15 |
references: |
16 |
- https://bugs.mageia.org/show_bug.cgi?id=8936 |
17 |
- https://rhn.redhat.com/errata/RHSA-2013-0269.html |
18 |
ID: MGASA-2013-0200 |