CVE ID: CVE-2014-3596
Type: Bug
Priority: Major
Affects Version(s): 1.4
Component(s): None
Labels: None
Status: Closed
Resolution: Fixed
Fix Version(s): None

Description:
The fix for CVE-2012-5784 was incomplete. The code added to check that the server hostname matches the domain name in the certificate subject's CN field was flawed. This can be exploited in a man-in-the-middle (MITM) attack, where the attacker spoofs a valid certificate using a specially crafted subject.

References: Bugzilla; Red Hat Access; Red Hat Solution
Attachments: CVE-2014-3596.patch (12 KB) - 19/Aug/14 02:12
Issue Links:
  Supercedes: AXIS-2883 Insecure certificate validation CVE-2012-5784 - Closed
People:
  Assignee: Robert Lazarski
  Reporter: David Jorm
Votes: 2
Watchers: 7
Dates:
  Created: 19/Aug/14 00:45
  Updated: 21/Dec/21 00:44
  Resolved: 09/Sep/19 17:49