Rapid7 Vulnerability & Exploit Database

ELSA-2013-0683 Moderate: Oracle Linux axis security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2013-0683 Moderate: Oracle Linux axis security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

11/04/2012

Created

07/25/2018

Added

03/28/2013

Modified

04/11/2019

Description

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Solution(s)

oracle-linux-upgrade-axis
oracle-linux-upgrade-axis-javadoc
oracle-linux-upgrade-axis-manual

References

https://attackerkb.com/topics/cve-2012-5784
56408
CVE - 2012-5784
RHSA-2013:0269
RHSA-2013:0683
RHSA-2014:0037
http://oss.oracle.com/pipermail/el-errata/2013-March/003386.html
79829

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;