Scientific Linux Security Update : axis on SL5.x, SL6.x i386/x86_64
Medium Nessus Plugin ID 77700
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionIt was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3596)
Applications using Apache Axis must be restarted for this update to take effect.
SolutionUpdate the affected packages.