Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Axis 安全漏洞
Vulnerability Description
Apache Axis是美国阿帕奇(Apache)基金会的一个开源、基于XML的Web服务架构。该产品包含了Java和C++语言实现的SOAP服务器,以及各种公用服务及API,以生成和部署Web服务应用。 Apache Axis 1.4及之前版本存在安全漏洞,该漏洞源于程序没有正确匹配服务器主机名和X509证书中主题。攻击者可通过特制的证书利用该漏洞实施中间人攻击,伪造数据,欺骗服务器。
CVSS Information
N/A
Vulnerability Type
N/A