Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2014-412

Related Vulnerabilities: CVE-2014-3596  

It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596)

Source

ALAS-2014-412

Amazon Linux AMI Security Advisory: ALAS-2014-412
Advisory Release Date: 2014-09-17 21:47 Pacific
Advisory Updated Date: 2014-09-19 12:09 Pacific
Severity: Important
Issue Overview:

It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596)


Affected Packages:

axis


Issue Correction:
Run yum update axis to update your system.

New Packages:
noarch:
    axis-1.2.1-7.5.14.amzn1.noarch
    axis-javadoc-1.2.1-7.5.14.amzn1.noarch
    axis-manual-1.2.1-7.5.14.amzn1.noarch

src:
    axis-1.2.1-7.5.14.amzn1.src

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started