Synopsis: Important: axis security update
Advisory ID: SLSA-2014:1193-1
Issue Date: 2014-09-15
CVE Numbers: CVE-2014-3596
—
It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject’s Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)
Applications using Apache Axis must be restarted for this update to take
effect.
—
SL5
x86_64
axis-1.2.1-2jpp.8.el5_10.x86_64.rpm
axis-debuginfo-1.2.1-2jpp.8.el5_10.x86_64.rpm
axis-javadoc-1.2.1-2jpp.8.el5_10.x86_64.rpm
axis-manual-1.2.1-2jpp.8.el5_10.x86_64.rpm
i386
axis-1.2.1-2jpp.8.el5_10.i386.rpm
axis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm
axis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm
axis-manual-1.2.1-2jpp.8.el5_10.i386.rpm
SL6
noarch
axis-1.2.1-7.5.el6_5.noarch.rpm
axis-javadoc-1.2.1-7.5.el6_5.noarch.rpm
axis-manual-1.2.1-7.5.el6_5.noarch.rpm
– Scientific Linux Development Team
