Amazon Linux AMI Security Advisory: ALAS-2014-412
Advisory Release Date: 2014-09-19 12:09 Pacific
It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596 )
Run yum update axis to update your system.