Oval Definition:oval:org.mitre.oval:def:26820
Revision Date:2014-11-10Version:9
Title:RHSA-2014:1193: axis security update (Important)
Description:Apache Axis is an implementation of SOAP (Simple Object Access Protocol).It can be used to build both web service clients and servers.It was discovered that Axis incorrectly extracted the host name from anX.509 certificate subject's Common Name (CN) field. A man-in-the-middleattacker could use this flaw to spoof an SSL server using a speciallycrafted X.509 certificate. (CVE-2014-3596)For additional information on this flaw, refer to the Knowledgebase articlein the References section.This issue was discovered by David Jorm and Arun Neelicattu of Red HatProduct Security.All axis users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. Applications using ApacheAxis must be restarted for this update to take effect.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2014:1193
CVE-2014-3596
RHSA-2014:1193-00
Platform(s):CentOS Linux 5
CentOS Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s):axis
Definition Synopsis
  • Operation system section
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • axis is earlier than 0:1.2.1-2jpp.8.el5_10
  • OR axis-javadoc is earlier than 0:1.2.1-2jpp.8.el5_10
  • OR axis-manual is earlier than 0:1.2.1-2jpp.8.el5_10
  • Operation system section
  • Redhat 6 or Centos 6 release
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • OR The operating system installed on the system is CentOS Linux 6.x
  • AND Packages section
  • axis is earlier than 0:1.2.1-7.5.el6_5
  • OR axis-javadoc is earlier than 0:1.2.1-7.5.el6_5
  • OR axis-manual is earlier than 0:1.2.1-7.5.el6_5
    • BACK