Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability


Apache Axis and Axis2/Java are prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server.



Vulnerable Systems:
 * Apache Axis 1.4 and prior

Apache Axis could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.

CVE Information:

Disclosure Timeline:
Published: November 06 2012

Categories: News