There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server.
CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/79984 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Jazz for Service Management version 1.1.0 - 1.1.3
Principal Product and Version(s)
| Affected Supporting Product and Version | Affected Supporting Product Security Bulletin
—|—|—
Jazz for Service Management version 1.1.0 - 1.1.3 | Websphere Application Server Full Profile 8.5.5 |
Please refer to WAS iFix