CVE-2012-6107 - Vulnerability Details - OpenCVE

Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Apache Axis2\/c

Configuration 1 [-]

cpe:2.3:a:apache:apache_axis2\/c:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser
http://www.securityfocus.com/bid/57267
https://bugzilla.redhat.com/show_bug.cgi?id=894372
https://exchange.xforce.ibmcloud.com/vulnerabilities/81211
https://issues.apache.org/jira/browse/AXIS2C-1619
https://lists.apache.org/thread.html/06e82460243af2ec9cc5a9af0a718943bc53c804b0a786ac61d518e4%40%3Cc-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/0e30b2b72099a995f6e91342b03d3e4b477677d0ea77e3ce55b53614%40%3Cc-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/r469d2a5b453c95fc8335f581422a5e7ae4d31f10d22650fb85abfc2d%40%3Cc-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/rfaf85467328c125126e2607196a7fb9510a9f9513dadf6d954b4af0c%40%3Cc-dev.axis.apache.org%3E

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-09-29T22:00:00

Updated: 2024-08-06T21:28:38.640Z

Reserved: 2012-12-06T00:00:00

Link: CVE-2012-6107

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-09-29T22:55:05.427

Modified: 2025-04-12T10:46:40.837

Link: CVE-2012-6107

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-12-22T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-07T18:06:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://issues.apache.org/jira/browse/AXIS2C-1619"}, {"name": "[axis-c-dev] 20130107 JIRA AXIS2C-1619 SSL/TLS hostname validation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser"}, {"name": "57267", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57267"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894372"}, {"name": "axis2c-ssl-spoofing(81211)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81211"}, {"name": "[axis-c-dev] 20190831 [jira] [Resolved] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/0e30b2b72099a995f6e91342b03d3e4b477677d0ea77e3ce55b53614%40%3Cc-dev.axis.apache.org%3E"}, {"name": "[axis-c-dev] 20190831 [jira] [Commented] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/06e82460243af2ec9cc5a9af0a718943bc53c804b0a786ac61d518e4%40%3Cc-dev.axis.apache.org%3E"}, {"name": "[axis-c-dev] 20200128 [jira] [Comment Edited] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfaf85467328c125126e2607196a7fb9510a9f9513dadf6d954b4af0c%40%3Cc-dev.axis.apache.org%3E"}, {"name": "[axis-c-dev] 20200407 [jira] [Updated] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r469d2a5b453c95fc8335f581422a5e7ae4d31f10d22650fb85abfc2d%40%3Cc-dev.axis.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:28:38.640Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.apache.org/jira/browse/AXIS2C-1619"}, {"name": "[axis-c-dev] 20130107 JIRA AXIS2C-1619 SSL/TLS hostname validation", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser"}, {"name": "57267", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57267"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894372"}, {"name": "axis2c-ssl-spoofing(81211)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81211"}, {"name": "[axis-c-dev] 20190831 [jira] [Resolved] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/0e30b2b72099a995f6e91342b03d3e4b477677d0ea77e3ce55b53614%40%3Cc-dev.axis.apache.org%3E"}, {"name": "[axis-c-dev] 20190831 [jira] [Commented] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/06e82460243af2ec9cc5a9af0a718943bc53c804b0a786ac61d518e4%40%3Cc-dev.axis.apache.org%3E"}, {"name": "[axis-c-dev] 20200128 [jira] [Comment Edited] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfaf85467328c125126e2607196a7fb9510a9f9513dadf6d954b4af0c%40%3Cc-dev.axis.apache.org%3E"}, {"name": "[axis-c-dev] 20200407 [jira] [Updated] (AXIS2C-1619) CVE-2012-6107: SSL/TLS Hostname validation", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r469d2a5b453c95fc8335f581422a5e7ae4d31f10d22650fb85abfc2d%40%3Cc-dev.axis.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6107", "datePublished": "2014-09-29T22:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:38.640Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:apache_axis2\\/c:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E5D2518-0D15-48B6-9284-9D761D03A3DD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."}, {"lang": "es", "value": "Apache Axis2/C no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado v\u00e1lido arbitrario."}], "id": "CVE-2012-6107", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-09-29T22:55:05.427", "references": [{"source": "secalert@redhat.com", "url": "http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57267"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894372"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81211"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/AXIS2C-1619"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/06e82460243af2ec9cc5a9af0a718943bc53c804b0a786ac61d518e4%40%3Cc-dev.axis.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/0e30b2b72099a995f6e91342b03d3e4b477677d0ea77e3ce55b53614%40%3Cc-dev.axis.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r469d2a5b453c95fc8335f581422a5e7ae4d31f10d22650fb85abfc2d%40%3Cc-dev.axis.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rfaf85467328c125126e2607196a7fb9510a9f9513dadf6d954b4af0c%40%3Cc-dev.axis.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/AXIS2C-1619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/06e82460243af2ec9cc5a9af0a718943bc53c804b0a786ac61d518e4%40%3Cc-dev.axis.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/0e30b2b72099a995f6e91342b03d3e4b477677d0ea77e3ce55b53614%40%3Cc-dev.axis.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r469d2a5b453c95fc8335f581422a5e7ae4d31f10d22650fb85abfc2d%40%3Cc-dev.axis.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfaf85467328c125126e2607196a7fb9510a9f9513dadf6d954b4af0c%40%3Cc-dev.axis.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}