Red Hat Security Advisory 2014-1123-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server host name matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All devtoolset-2-axis users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
fc012b67d580e6a5d54fae42870f3b6522d860d01b90618b5a96102cc6098b22Red Hat Security Advisory 2014-0037-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.
0efac53ce37dda2703115556d8acdb23c24e8653403827521c96bb2c8715f1abRed Hat Security Advisory 2013-0683-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.
3628c67c09cb1d58f378fc54ee8bc4d98a205cf03c0b2e687a9e28c81488c349Red Hat Security Advisory 2013-0269-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.
d9cdac0fcd5149ca0ace42fe10b6132c75222c4606964c787f153fd6985357f9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed