mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
1.4 KiB
1.4 KiB
CVE-2014-3596
Description
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784.
POC
Reference
Github
- https://github.com/eliasgranderubio/4depcheck
- https://github.com/hinat0y/Dataset1
- https://github.com/hinat0y/Dataset10
- https://github.com/hinat0y/Dataset11
- https://github.com/hinat0y/Dataset12
- https://github.com/hinat0y/Dataset2
- https://github.com/hinat0y/Dataset3
- https://github.com/hinat0y/Dataset4
- https://github.com/hinat0y/Dataset5
- https://github.com/hinat0y/Dataset6
- https://github.com/hinat0y/Dataset7
- https://github.com/hinat0y/Dataset8
- https://github.com/hinat0y/Dataset9