Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
* Apache Axis 1.4 and prior
Apache Axis could allow a remote attacker to conduct spoofing attacks because it fails to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
Published: November 06 2012
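The missing check, sketched in Python as an added example (this is not Apache Axis code): a client that validates only the certificate chain accepts any trusted certificate, while one that also compares the requested hostname with the certificate's names rejects a mismatch. The example goes beyond the CN field named above by preferring subjectAltName dNSName entries when present; the certificate dictionaries, hostnames and function names are constructed for illustration.

```python
# Constructed certificate summaries: only the name fields the check needs.
CERT_FOR_SERVICE = {"subject_cn": "soap.example.com", "san_dns": []}
CERT_WILDCARD = {"subject_cn": "example.com", "san_dns": ["*.example.com"]}
CERT_FOR_OTHER = {"subject_cn": "other.example.net", "san_dns": []}


def _name_match(pattern: str, hostname: str) -> bool:
    """Compare one presented name with the requested hostname, case-insensitively."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label and needs at least
        # two further labels, so "*.com" never matches anything.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "f*.example.com" are rejected outright.
    return "*" not in pattern and p == h


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if the certificate names the host the client asked for.

    dNSName subjectAltName entries take precedence; the subject CN is
    consulted only when the certificate carries none (RFC 2818 behaviour).
    """
    names = cert.get("san_dns") or [cert.get("subject_cn", "")]
    return any(_name_match(name, hostname) for name in names)


def accept_connection(cert: dict, hostname: str,
                      chain_trusted: bool, check_name: bool) -> bool:
    """Model the client decision: chain validation alone, or chain plus name check."""
    if not chain_trusted:
        return False
    return hostname_matches(cert, hostname) if check_name else True


if __name__ == "__main__":
    for cert in (CERT_FOR_SERVICE, CERT_WILDCARD, CERT_FOR_OTHER):
        for check in (False, True):
            verdict = accept_connection(cert, "soap.example.com", True, check)
            print(cert["subject_cn"], "name check" if check else "chain only", verdict)
```

With `check_name=False` the mismatched certificate is accepted as long as its chain is trusted, which is the behaviour the advisory describes.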