Vulnerability in Apache Axis

CVE-2014-3596

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle at…

EPSS: 0.058 (92.2th percentile)

Affected products

  • Apache Axis — versions 1.0, 1.1, 1.2

Frequently asked questions

What is CVE-2014-3596?
CVE-2014-3596 is a vulnerability in Apache Axis. Published 2014-08-27.

Is CVE-2014-3596 known to be exploited?
13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.