CVE-2014-3596 is a vulnerability in Apache Axis
Published on August 27, 2014

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2014-3596

Want to know whenever a new CVE is published for Apache Axis? stack.watch will email you.

Apache Axis

Exploit Probability

EPSS

1.23%

Percentile

79.06%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-3596 is a vulnerability in Apache AxisPublished on August 27, 2014

Products Associated with CVE-2014-3596

Exploit Probability

CVE-2014-3596 is a vulnerability in Apache Axis
Published on August 27, 2014