Lucene search

K
mageia
Gentoo FoundationMGASA-2014-0347
HistoryAug 25, 2014 - 12:44 p.m.

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

2014-08-2512:44:11
Gentoo Foundation
advisories.mageia.org
26

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

50.6%

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability: The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a ‘Man in the Middle Attack’ due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used (CVE-2012-6153).

How to protect your server from attacks?

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

50.6%

Related for MGASA-2014-0347