Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 1.4
- None
- None
- None
Description
It was found that the fix for CVE-2012-5784 was incomplete. The code added to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can spoof a valid certificate using a specially crafted subject.
For more details, see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3596
https://access.redhat.com/solutions/1164433
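Added example, not Axis code and not part of the original report: it contrasts a CN taken by string search over the subject DN with the CN obtained by parsing the DN into attributes, which is the kind of regression case a hostname check should be tested against. The class name, method names, hostname and subject string are constructed, and the naive extractor is an assumed stand-in for a flawed check, not the Axis implementation.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectCnCheck {

    // Illustrative weak extraction (hypothetical, not the Axis source): returns
    // whatever follows the first "CN=" in the string, even when that text is
    // part of another attribute's value.
    static String naiveCn(String dn) {
        int i = dn.indexOf("CN=");
        if (i < 0) return null;
        int end = dn.indexOf(',', i);
        return end < 0 ? dn.substring(i + 3) : dn.substring(i + 3, end);
    }

    // Structured extraction: parse the DN into RDNs and accept a value only
    // from an attribute whose type really is CN.
    static String parsedCn(String dn) throws InvalidNameException {
        List<Rdn> rdns = new LdapName(dn).getRdns();
        // getRdns() puts the rightmost RDN at index 0, so walk backwards to
        // visit the leftmost RDN first.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            Rdn rdn = rdns.get(i);
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    public static void main(String[] args) throws InvalidNameException {
        String host = "service.example.test"; // constructed hostname
        // Constructed subject: the quoted O value contains "CN=" text; the
        // only real CN attribute is other.example.test.
        String subject = "O=\"Org,CN=service.example.test,Dept\",CN=other.example.test";

        String weak = naiveCn(subject);
        String strict = parsedCn(subject);
        System.out.println("naive CN:  " + weak + " -> match=" + host.equalsIgnoreCase(weak));
        System.out.println("parsed CN: " + strict + " -> match=" + host.equalsIgnoreCase(strict));
    }
}
```

The two extractors disagree on this input: the string search reports a match for the expected hostname, while the parsed CN does not match it.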
Attachments
Issue Links
- supercedes
  - AXIS-2883 Insecure certificate validation CVE-2012-5784 (Closed)