Skip to content

Apache Axis2 has Improper Input Validation

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Dec 4, 2025

Package

maven org.apache.axis2:axis2 (Maven)

Affected versions

< 1.8.0

Patched versions

1.8.0
maven org.apache.axis2:axis2-transport-http (Maven)
< 1.8.0
1.8.0

Description

Apache Axis2/Java 1.7.9 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

References

Published by the National Vulnerability Database Nov 4, 2012
Published to the GitHub Advisory Database May 17, 2022
Reviewed Jul 12, 2022
Last updated Dec 4, 2025

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(65th percentile)

Weaknesses

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Learn more on MITRE.

CVE ID

CVE-2012-5785

GHSA ID

GHSA-wwq7-pxwc-p4rc

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.