Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Published

2012-11-04T22:55:03.327

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	activemq	≤ 5.7.0	Yes
Application	apache	axis	≤ 1.4	Yes
Application	apache	axis	-	Yes
Application	apache	axis	-	Yes
Application	apache	axis	-	Yes
Application	apache	axis	-	Yes
Application	apache	axis	-	Yes
Application	apache	axis	-	Yes
Application	apache	axis	1.0	Yes
Application	apache	axis	1.0	Yes
Application	apache	axis	1.0	Yes
Application	apache	axis	1.0	Yes
Application	apache	axis	1.1	Yes
Application	apache	axis	1.1	Yes
Application	apache	axis	1.1	Yes
Application	apache	axis	1.1	Yes
Application	apache	axis	1.2	Yes
Application	apache	axis	1.2	Yes
Application	apache	axis	1.2	Yes
Application	apache	axis	1.2	Yes
Application	apache	axis	1.2	Yes
Application	apache	axis	1.2	Yes
Application	apache	axis	1.2	Yes
Application	apache	axis	1.2	Yes
Application	apache	axis	1.2.1	Yes
Application	apache	axis	1.3	Yes
Application	paypal	mass_pay	-	Yes
Application	paypal	payments_pro	-	Yes
Application	paypal	transactional_information_soap	-	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-0269.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-0683.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0037.html Third Party Advisory ([email protected])
http://secunia.com/advisories/51219 ([email protected])
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf Exploit, Technical Description ([email protected])
http://www.securityfocus.com/bid/56408 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829 ([email protected])
https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5%40%3Cjava-dev.axis.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780%40%3Cjava-dev.axis.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832%40%3Cjava-dev.axis.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d%40%3Cjava-dev.axis.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c%40%3Cjava-dev.axis.apache.org%3E ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0269.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0683.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0037.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/51219 (af854a3a-2127-422b-91ae-364da2661108)
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf Exploit, Technical Description (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/56408 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5%40%3Cjava-dev.axis.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780%40%3Cjava-dev.axis.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832%40%3Cjava-dev.axis.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d%40%3Cjava-dev.axis.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c%40%3Cjava-dev.axis.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)