Skip to content

Improper Input Validation in Apache Axis2

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Jan 27, 2023

Package

maven org.apache.axis2:axis2 (Maven)

Affected versions

<= 1.6.2

Patched versions

1.8.0

Description

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

Published by the National Vulnerability Database Nov 4, 2012
Published to the GitHub Advisory Database May 17, 2022
Reviewed Jul 12, 2022
Last updated Jan 27, 2023

Severity

Moderate

EPSS score

0.059%
(26th percentile)

Weaknesses

CVE ID

CVE-2012-5785

GHSA ID

GHSA-wwq7-pxwc-p4rc

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.