It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | axis | 2014-09-17 21:47 | ALAS-2014-412 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 5.8 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
NVD | CVSSv2 | 5.8 | AV:N/AC:M/Au:N/C:P/I:P/A:N |