Amazon Linux 1 Security Advisory: ALAS-2014-412
Advisory Release Date: 2014-09-17 21:47 Pacific
Advisory Updated Date: 2014-09-19 12:09 Pacific
It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596)
Affected Packages:
axis
Issue Correction:
Run yum update axis to update your system.
noarch:
axis-1.2.1-7.5.14.amzn1.noarch
axis-javadoc-1.2.1-7.5.14.amzn1.noarch
axis-manual-1.2.1-7.5.14.amzn1.noarch
src:
axis-1.2.1-7.5.14.amzn1.src