CVE-2012-5784
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Known Affected Software
42 configuration(s) from 2 vendor(s)
axis
Version:
1.3
CPE:
cpe:2.3:a:apache:axis:1.3:*:*:*:*:*:*:*
activemq
Version:
3.2.2
CPE:
cpe:2.3:a:apache:activemq:3.2.2:*:*:*:*:*:*:*
activemq
Version:
4.0.2
CPE:
cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
activemq
Version:
5.4.2
CPE:
cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
activemq
Version:
2.0
CPE:
cpe:2.3:a:apache:activemq:2.0:*:*:*:*:*:*:*
activemq
Version:
3.0
CPE:
cpe:2.3:a:apache:activemq:3.0:*:*:*:*:*:*:*
axis
Version:
1.4
CPE:
cpe:2.3:a:apache:axis:1.4:*:*:*:*:*:*:*
activemq
Version:
5.3.0
CPE:
cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
activemq
Version:
1.5
CPE:
cpe:2.3:a:apache:activemq:1.5:*:*:*:*:*:*:*
axis
Version:
1.0
CPE:
cpe:2.3:a:apache:axis:1.0:rc2:*:*:*:*:*:*
activemq
Version:
5.4.3
CPE:
cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
activemq
Version:
5.0.0
CPE:
cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
activemq
Version:
3.2
CPE:
cpe:2.3:a:apache:activemq:3.2:*:*:*:*:*:*:*
activemq
Version:
5.3.2
CPE:
cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
axis
Version:
1.2.1
CPE:
cpe:2.3:a:apache:axis:1.2.1:*:*:*:*:*:*:*
activemq
Version:
4.1.2
CPE:
cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*
axis
Version:
-
CPE:
cpe:2.3:a:apache:axis:-:alpha1:*:*:*:*:*:*
activemq
Version:
3.1
CPE:
cpe:2.3:a:apache:activemq:3.1:*:*:*:*:*:*:*
activemq
Version:
1.3
CPE:
cpe:2.3:a:apache:activemq:1.3:*:*:*:*:*:*:*
axis
Version:
1.1
CPE:
cpe:2.3:a:apache:axis:1.1:*:*:*:*:*:*:*
axis
Version:
1.2
CPE:
cpe:2.3:a:apache:axis:1.2:*:*:*:*:*:*:*
activemq
Version:
4.0
CPE:
cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
activemq
Version:
5.4.1
CPE:
cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
activemq
Version:
5.2.0
CPE:
cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
activemq
Version:
5.3.1
CPE:
cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
activemq
Version:
5.7.0
CPE:
cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
activemq
Version:
1.1
CPE:
cpe:2.3:a:apache:activemq:1.1:*:*:*:*:*:*:*
activemq
Version:
1.4
CPE:
cpe:2.3:a:apache:activemq:1.4:*:*:*:*:*:*:*
activemq
Version:
4.0.1
CPE:
cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
activemq
Version:
3.2.1
CPE:
cpe:2.3:a:apache:activemq:3.2.1:*:*:*:*:*:*:*
activemq
Version:
1.2
CPE:
cpe:2.3:a:apache:activemq:1.2:*:*:*:*:*:*:*
activemq
Version:
5.1.0
CPE:
cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
activemq
Version:
4.1.0
CPE:
cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
activemq
Version:
2.1
CPE:
cpe:2.3:a:apache:activemq:2.1:*:*:*:*:*:*:*
activemq
Version:
5.5.1
CPE:
cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
activemq
Version:
5.5.0
CPE:
cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
activemq
Version:
5.4.0
CPE:
cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
activemq
Version:
5.6.0
CPE:
cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
activemq
Version:
4.1.1
CPE:
cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
payments_pro
Version:
-
CPE:
cpe:2.3:a:paypal:payments_pro:-:*:*:*:*:*:*:*
mass_pay
Version:
-
CPE:
cpe:2.3:a:paypal:mass_pay:-:*:*:*:*:*:*:*
transactional_information_soap
Version:
-
CPE:
cpe:2.3:a:paypal:transactional_information_soap:-:*:*:*:*:*:*:*
This vulnerability affects 42 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.htmlcve@mitre.org
-
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.htmlcve@mitre.org
-
http://rhn.redhat.com/errata/RHSA-2013-0269.htmlcve@mitre.org Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0683.htmlcve@mitre.org Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0037.htmlcve@mitre.org Third Party Advisory
-
http://secunia.com/advisories/51219cve@mitre.org
-
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdfcve@mitre.org Exploit Technical Description
-
http://www.securityfocus.com/bid/56408cve@mitre.org Third Party Advisory VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829cve@mitre.org
-
https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5%40%3Cjava-dev.axis.apache.org%3Ecve@mitre.org
-
https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780%40%3Cjava-dev.axis.apache.org%3Ecve@mitre.org
-
https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832%40%3Cjava-dev.axis.apache.org%3Ecve@mitre.org
-
https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d%40%3Cjava-dev.axis.apache.org%3Ecve@mitre.org
-
https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c%40%3Cjava-dev.axis.apache.org%3Ecve@mitre.org
-
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://rhn.redhat.com/errata/RHSA-2013-0269.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0683.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0037.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://secunia.com/advisories/51219af854a3a-2127-422b-91ae-364da2661108
-
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdfaf854a3a-2127-422b-91ae-364da2661108 Exploit Technical Description
-
http://www.securityfocus.com/bid/56408af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829af854a3a-2127-422b-91ae-364da2661108
-
https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5%40%3Cjava-dev.axis.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
-
https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780%40%3Cjava-dev.axis.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
-
https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832%40%3Cjava-dev.axis.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
-
https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d%40%3Cjava-dev.axis.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
-
https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c%40%3Cjava-dev.axis.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-20
Top 25 #14
Improper Input Validation
- Description
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- November 04, 2012
