EUVD-2018-0479

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Apache Commons HttpClient before 4.2.3 allows hostname spoofing via improper SSL certificate verification

Reporter	Title	Published	Views	Family All 229
IBM Security Bulletins	Security Bulletin: Apache HttpComponents vulnerable to spoofing attacks are affecting Case Manager Client (CVE-2012-6153, CVE-2014-3577)	17 Jun 201812:12	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (ISVG IMVA)	21 Sep 202120:25	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-20492, CVE-2021-29754, CVE-2021-29736, CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)	16 Sep 202106:01	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)	29 Jun 202110:19	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise	21 Sep 202109:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an improper input validation due to Apache Commons HttpClient	9 Jan 202615:21	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Commons HttpClient 3.x (and few others) allow Man-In-The-Middle (MITM) attack	12 Dec 202213:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities	18 Jul 201809:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2012-6153, CVE-2014-3577, CVE-2020-13956)	4 Oct 202312:58	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM InfoSphere Information Server (CVE-2012-6153 CVE-2014-3577)	16 Jun 201813:40	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "d0e8ff3f-a1e9-3abb-9fca-e9719324d686",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "9033d1f0-c51a-3f26-9fac-511f081ef3b9",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-6153
github	www.github.com/apache/httpcomponents-client/commit/6e14fc146a66e0f3eb362f45f95d1a58ee18886a
github	www.github.com/apache/httpcomponents-client/commit/b930227f907af1198765fc47beabbddae344ca7b
access	www.access.redhat.com/solutions/1165533
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/advisories/GHSA-2x83-r56g-cv47
h20566	www.h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay
rhn	www.rhn.redhat.com/errata/RHSA-2014-1098.html
rhn	www.rhn.redhat.com/errata/RHSA-2014-1833.html
rhn	www.rhn.redhat.com/errata/RHSA-2014-1834.html

07 Oct 2025 00:30Current

5.4Medium risk

Vulners AI Score5.4

CVSS 24.3

EPSS0.01248