Metric | Value |
---|---|
CVSS2 Score | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.002 Low |
EPSS Percentile | 50.5% |

HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on
httpcomponents HttpCore.

It was discovered that HttpClient incorrectly extracted the host name from
an X.509 certificate subject’s Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2012-6153)

This issue was discovered by Florian Weimer of Red Hat Product Security.

For additional information on this flaw, refer to the Knowledgebase article
in the References section.

All devtoolset-2-httpcomponents-client users are advised to upgrade to
these updated packages, which contain a backported patch to correct this
issue.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | devtoolset-2-httpcomponents-client | < 4.2.1-6.el6 | devtoolset-2-httpcomponents-client-4.2.1-6.el6.noarch.rpm |
RedHat | 6 | noarch | devtoolset-2-httpcomponents-client-javadoc | < 4.2.1-6.el6 | devtoolset-2-httpcomponents-client-javadoc-4.2.1-6.el6.noarch.rpm |
RedHat | 6 | src | devtoolset-2-httpcomponents-client | < 4.2.1-6.el6 | devtoolset-2-httpcomponents-client-4.2.1-6.el6.src.rpm |