Red Hat Security Advisory 2014-1323-01

Red Hat Security Advisory 2014-1323-01 – Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject’s Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject’s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

Leave a Reply