Lucene search
GitHub Advisory DatabaseGHSA-WWQ7-PXWC-P4RCHistoryMay 17, 2022 - 1:38 a.m.
Improper Input Validation in Apache Axis2
2022-05-1701:38:56
CWE-20
GitHub Advisory Database
github.com
31
apache axis2
input validation
ssl servers
x.509 certificate
man-in-the-middle
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
0.001
Percentile
25.1%
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected configurations
Node
org.apache.axis2axis2Range≤1.6.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.axis2 | axis2 | * | cpe:2.3:a:org.apache.axis2:axis2:*:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2012-11-04 22:55:00
cvelist
cvelist
CVE-2012-5785
2012-11-04 22:00:00
ibm
ibm
cve
cve
CVE-2012-5785
2012-11-04 22:55:03
osv
osv
Improper Input Validation in Apache Axis2
2022-05-17 01:38:56
nvd
nvd
CVE-2012-5785
2012-11-04 22:55:03
openvas
openvas
Apache Axis2 <= 1.6.2 Multiple Vulnerabilities
2015-03-17 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
0.001
Percentile
25.1%
Related for GHSA-WWQ7-PXWC-P4RC