Oval Definition:oval:com.redhat.rhsa:def:20130683
Revision Date:2013-03-25Version:635
Title:RHSA-2013:0683: axis security update (Moderate)
Description:Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers.

  • Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5784)

    All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2012-5784
    RHSA-2013:0683
    RHSA-2013:0683-00
    RHSA-2013:0683-01
    RHSA-2013:0683-01
    Platform(s):Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • axis is earlier than 0:1.2.1-2jpp.7.el5_9
  • AND axis is signed with Red Hat redhatrelease2 key
  • axis-javadoc is earlier than 0:1.2.1-2jpp.7.el5_9
  • AND axis-javadoc is signed with Red Hat redhatrelease2 key
  • axis-manual is earlier than 0:1.2.1-2jpp.7.el5_9
  • AND axis-manual is signed with Red Hat redhatrelease2 key
    • BACK