Lucene search

K
redhat
RedHatRHSA-2014:1146
HistorySep 03, 2014 - 12:00 a.m.

(RHSA-2014:1146) Important: httpcomponents-client security update

2014-09-0300:00:00
access.redhat.com
12

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

69.5%

HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on
httpcomponents HttpCore.

It was discovered that the HttpClient incorrectly extracted host name from
an X.509 certificate subject’s Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)

For additional information on this flaw, refer to the Knowledgebase
article in the References section.

All httpcomponents-client users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

69.5%

Related for RHSA-2014:1146