{"id":"MGASA-2014-0549","summary":"Updated axis packages fix CVE-2014-3596","details":"Updated axis packages fixes security vulnerability:\n\nIt was discovered that Axis incorrectly extracted the host name from an\nX.509 certificate subject's Common Name (CN) field. A man-in-the-middle\nattacker could use this flaw to spoof an SSL server using a specially\ncrafted X.509 certificate (CVE-2014-3596).\n","modified":"2026-04-16T06:24:10.308126149Z","published":"2014-12-26T17:04:58Z","upstream":["CVE-2014-3596"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0549.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14103"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2014-1193.html"}],"affected":[{"package":{"name":"axis","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/axis?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4-24.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0549.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}