Moderate severity · NVD Advisory · Published Nov 4, 2012 · Updated Apr 29, 2026
CVE-2012-5785
Description
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.axis2:axis2 (Maven) | < 1.8.0 | 1.8.0 |
| org.apache.axis2:axis2-transport-http (Maven) | < 1.8.0 | 1.8.0 |
Affected products
- cpe:2.3:a:apache:axis2:*:*:*:*:*:*:*:* (range: <=1.6.2)
- cpe:2.3:a:apache:axis2:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:axis2:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:axis2:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:axis2:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:axis2:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:axis2:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:axis2:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:axis2:1.6.1:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.cs.utexas.edu/~shmat/shmat_ccs12.pdf [nvd, Exploit, WEB]
- github.com/advisories/GHSA-wwq7-pxwc-p4rc [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2012-5785 [ghsa, ADVISORY]
- exchange.xforce.ibmcloud.com/vulnerabilities/79830 [nvd, WEB]
- issues.apache.org/jira/browse/AXIS2-6018 [ghsa, WEB]
- secunia.com/advisories/51219 [nvd]
- www.securityfocus.com/bid/56408 [nvd]