Oval Definition:oval:com.redhat.rhsa:def:20130269
Revision Date:2013-02-19Version:637
Title:RHSA-2013:0269: axis security update (Moderate)
Description:Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers.

  • Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5784)

    All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2012-5784
    CVE-2012-5784
    RHSA-2013:0269
    RHSA-2013:0269-02
    RHSA-2013:0269-02
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • axis is earlier than 0:1.2.1-7.3.el6_3
  • AND axis is signed with Red Hat redhatrelease2 key
  • axis-javadoc is earlier than 0:1.2.1-7.3.el6_3
  • AND axis-javadoc is signed with Red Hat redhatrelease2 key
  • axis-manual is earlier than 0:1.2.1-7.3.el6_3
  • AND axis-manual is signed with Red Hat redhatrelease2 key
    • BACK