RHEL 6 : devtoolset-2-axis (RHSA-2014:1123)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated devtoolset-2-axis package that fixes one security issue is
now available for Red Hat Developer Toolset 2.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Apache Axis is an implementation of SOAP (Simple Object Access
Protocol). It can be used to build both web service clients and
servers.

Apache Axis did not verify that the server host name matched the
domain name in the subject's Common Name (CN) or subjectAltName field
in X.509 certificates. This could allow a man-in-the-middle attacker
to spoof an SSL server if they had a certificate that was valid for
any domain name. (CVE-2012-5784)

All devtoolset-2-axis users are advised to upgrade to this updated
package, which contains a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-5784.html
http://rhn.redhat.com/errata/RHSA-2014-1123.html

Solution :

Update the affected devtoolset-2-axis package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 79045

Bugtraq ID:

CVE ID: CVE-2012-5784
