[Secure-testing-team] Bug#697974: axis2c: CVE-2012-6107: Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 12 09:08:28 UTC 2013
Package: axis2c
Severity: grave
Tags: security
Hi,
the following vulnerability was published for axis2c.
CVE-2012-6107[0]:
Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate
See also upstream bugtracker[1]. Unfortunately patches do not seem to
be available yet.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2012-6107
[1] https://issues.apache.org/jira/browse/AXIS2C-1619
Please adjust the affected versions and severity in the BTS as needed.
Regards,
Salvatore