What is CVE-2012-5785?

CVE-2012-5785 is a vulnerability in Apache Axis2, classified under Improper Input Validation. Published 2012-11-04.

Is CVE-2012-5785 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Axis2

CVE-2012-5785

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL se…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.005 (66.1th percentile) — read the EPSS interpretation.

Affected products

Apache Axis2 — versions 1.5.1, 1.5.2, 1.5.3
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

adamziaja/vulnerability-check

References

51219 (x_refsource_SECUNIA, third-party-advisory)
apache-axis2-ssl-spoofing(79830) (vdb-entry, x_refsource_XF)
56408 (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2012-5785?: CVE-2012-5785 is a vulnerability in Apache Axis2, classified under Improper Input Validation. Published 2012-11-04.
Is CVE-2012-5785 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.